All the vulnerabilities related to redhat - libvirt
cve-2013-4296
Vulnerability from cvelistv5
Published
2013-09-30 21:00
Modified
2024-08-06 16:38
Severity ?
Summary
The remoteDispatchDomainMemoryStats function in daemon/remote.c in libvirt 0.9.1 through 0.10.1.x, 0.10.2.x before 0.10.2.8, 1.0.x before 1.0.5.6, and 1.1.x before 1.1.2 allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via a crafted RPC call.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:38:01.908Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "60895",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60895"
          },
          {
            "name": "GLSA-201412-04",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=e7f400a110e2e3673b96518170bfea0855dd82c0"
          },
          {
            "name": "DSA-2764",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2013/dsa-2764"
          },
          {
            "name": "USN-1954-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1954-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.libvirt.org/page/Maintenance_Releases"
          },
          {
            "name": "RHSA-2013:1272",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-1272.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1006173"
          },
          {
            "name": "RHSA-2013:1460",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-1460.html"
          },
          {
            "name": "openSUSE-SU-2013:1550",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00024.html"
          },
          {
            "name": "openSUSE-SU-2013:1549",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00023.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-09-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The remoteDispatchDomainMemoryStats function in daemon/remote.c in libvirt 0.9.1 through 0.10.1.x, 0.10.2.x before 0.10.2.8, 1.0.x before 1.0.5.6, and 1.1.x before 1.1.2 allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via a crafted RPC call."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-12-12T13:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "60895",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60895"
        },
        {
          "name": "GLSA-201412-04",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=e7f400a110e2e3673b96518170bfea0855dd82c0"
        },
        {
          "name": "DSA-2764",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2013/dsa-2764"
        },
        {
          "name": "USN-1954-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1954-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.libvirt.org/page/Maintenance_Releases"
        },
        {
          "name": "RHSA-2013:1272",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-1272.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1006173"
        },
        {
          "name": "RHSA-2013:1460",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-1460.html"
        },
        {
          "name": "openSUSE-SU-2013:1550",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00024.html"
        },
        {
          "name": "openSUSE-SU-2013:1549",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00023.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-4296",
    "datePublished": "2013-09-30T21:00:00",
    "dateReserved": "2013-06-12T00:00:00",
    "dateUpdated": "2024-08-06T16:38:01.908Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2012-2693
Vulnerability from cvelistv5
Published
2012-06-17 01:00
Modified
2024-08-06 19:42
Severity ?
Summary
libvirt, possibly before 0.9.12, does not properly assign USB devices to virtual machines when multiple devices have the same vendor and product ID, which might cause the wrong device to be associated with a guest and might allow local users to access unintended USB devices.
References
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T19:42:31.709Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20120611 Re: CVE request -- libvirt: address bus= device= when identicle vendor ID/product IDs usb devices attached are ignored",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/06/11/3"
          },
          {
            "name": "RHSA-2013:0127",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-0127.html"
          },
          {
            "name": "[libvirt] 20120428 [PATCH 0/3] usb devices with same vendor, productID hotplug support",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/libvir-list/2012-April/msg01494.html"
          },
          {
            "name": "RHSA-2012:0748",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-0748.html"
          },
          {
            "name": "[oss-security] 20120611 CVE request -- libvirt: address bus= device= when identicle vendor ID/product IDs usb devices attached are ignored",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/06/11/2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-04-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "libvirt, possibly before 0.9.12, does not properly assign USB devices to virtual machines when multiple devices have the same vendor and product ID, which might cause the wrong device to be associated with a guest and might allow local users to access unintended USB devices."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2012-07-23T09:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[oss-security] 20120611 Re: CVE request -- libvirt: address bus= device= when identicle vendor ID/product IDs usb devices attached are ignored",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/06/11/3"
        },
        {
          "name": "RHSA-2013:0127",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-0127.html"
        },
        {
          "name": "[libvirt] 20120428 [PATCH 0/3] usb devices with same vendor, productID hotplug support",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://www.redhat.com/archives/libvir-list/2012-April/msg01494.html"
        },
        {
          "name": "RHSA-2012:0748",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-0748.html"
        },
        {
          "name": "[oss-security] 20120611 CVE request -- libvirt: address bus= device= when identicle vendor ID/product IDs usb devices attached are ignored",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/06/11/2"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-2693",
    "datePublished": "2012-06-17T01:00:00",
    "dateReserved": "2012-05-14T00:00:00",
    "dateUpdated": "2024-08-06T19:42:31.709Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-10703
Vulnerability from cvelistv5
Published
2020-06-02 00:00
Modified
2024-08-04 11:06
Summary
A NULL pointer dereference was found in the libvirt API responsible for fetching a storage pool based on its target path; the flaw was introduced in upstream version 3.10.0 and fixed in libvirt 6.0.0. In more detail, this flaw affects storage pools created without a target path, such as network-based pools like gluster and RBD. Unprivileged users with a read-only connection could abuse this flaw to crash the libvirt daemon, resulting in a potential denial of service.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:06:11.183Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10703"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1790725"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=dfff16a7c261f8d28e3abe60a47165f845fa952f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=5d5c732d748d644ec14626bce448e84bdc4bd93e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=7aa0e8c0cb8a6293d0c6f7e3d29c13b96dec2129"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200608-0005/"
          },
          {
            "name": "FEDORA-2020-5cd83efda7",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D5GE6ISYUL3CIWO3FQRUGMKTKP2NYED2/"
          },
          {
            "name": "[debian-lts-announce] 20240401 [SECURITY] [DLA 3778-1] libvirt security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libvirt",
          "vendor": "libvirt",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 3.10.0, \u003c 6.0.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A NULL pointer dereference was found in the libvirt API responsible introduced in upstream version 3.10.0, and fixed in libvirt 6.0.0, for fetching a storage pool based on its target path. In more detail, this flaw affects storage pools created without a target path such as network-based pools like gluster and RBD. Unprivileged users with a read-only connection could abuse this flaw to crash the libvirt daemon, resulting in a potential denial of service."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "CWE-476",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-01T13:06:04.925695",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10703"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1790725"
        },
        {
          "url": "https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=dfff16a7c261f8d28e3abe60a47165f845fa952f"
        },
        {
          "url": "https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=5d5c732d748d644ec14626bce448e84bdc4bd93e"
        },
        {
          "url": "https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=7aa0e8c0cb8a6293d0c6f7e3d29c13b96dec2129"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20200608-0005/"
        },
        {
          "name": "FEDORA-2020-5cd83efda7",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D5GE6ISYUL3CIWO3FQRUGMKTKP2NYED2/"
        },
        {
          "name": "[debian-lts-announce] 20240401 [SECURITY] [DLA 3778-1] libvirt security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2020-10703",
    "datePublished": "2020-06-02T00:00:00",
    "dateReserved": "2020-03-20T00:00:00",
    "dateUpdated": "2024-08-04T11:06:11.183Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-10166
Vulnerability from cvelistv5
Published
2019-08-02 12:02
Modified
2024-08-04 22:10
Summary
It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify managed save state files. If a managed save had already been created by a privileged user, a local attacker could modify this file such that libvirtd would execute an arbitrary program when the domain was resumed.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T22:10:09.965Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/libvirt-privesc-vulnerabilities"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10166"
          },
          {
            "name": "GLSA-202003-18",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202003-18"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libvirt",
          "vendor": "libvirt",
          "versions": [
            {
              "status": "affected",
              "version": "4.x.x before 4.10.1"
            },
            {
              "status": "affected",
              "version": "5.x.x before 5.4.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify managed save state files. If a managed save had already been created by a privileged user, a local attacker could modify this file such that libvirtd would execute an arbitrary program when the domain was resumed."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "CWE-284",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-15T04:06:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://access.redhat.com/libvirt-privesc-vulnerabilities"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10166"
        },
        {
          "name": "GLSA-202003-18",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202003-18"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2019-10166",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "libvirt",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "4.x.x before 4.10.1"
                          },
                          {
                            "version_value": "5.x.x before 5.4.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "libvirt"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify managed save state files. If a managed save had already been created by a privileged user, a local attacker could modify this file such that libvirtd would execute an arbitrary program when the domain was resumed."
            }
          ]
        },
        "impact": {
          "cvss": [
            [
              {
                "vectorString": "7.8/CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            ]
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-284"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://access.redhat.com/libvirt-privesc-vulnerabilities",
              "refsource": "CONFIRM",
              "url": "https://access.redhat.com/libvirt-privesc-vulnerabilities"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10166",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10166"
            },
            {
              "name": "GLSA-202003-18",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202003-18"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2019-10166",
    "datePublished": "2019-08-02T12:02:59",
    "dateReserved": "2019-03-27T00:00:00",
    "dateUpdated": "2024-08-04T22:10:09.965Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-2230
Vulnerability from cvelistv5
Published
2013-09-30 21:00
Modified
2024-08-06 15:27
Severity ?
Summary
The qemu driver (qemu/qemu_driver.c) in libvirt before 1.1.1 allows remote authenticated users to cause a denial of service (daemon crash) via unspecified vectors involving "multiple events registration."
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T15:27:41.093Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://libvirt.org/news.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=981476"
          },
          {
            "name": "[oss-security] 20130710 [NOT A CVE REQUEST] CVE-2013-2230 -- libvirt: multiple registered events crash",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2013/07/10/5"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commitdiff%3Bh=f38c8185f97720ecae7ef2291fbaa5d6b0209e17"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The qemu driver (qemu/qemu_driver.c) in libvirt before 1.1.1 allows remote authenticated users to cause a denial of service (daemon crash) via unspecified vectors involving \"multiple events registration.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-09-30T21:00:00Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://libvirt.org/news.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=981476"
        },
        {
          "name": "[oss-security] 20130710 [NOT A CVE REQUEST] CVE-2013-2230 -- libvirt: multiple registered events crash",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2013/07/10/5"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commitdiff%3Bh=f38c8185f97720ecae7ef2291fbaa5d6b0209e17"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-2230",
    "datePublished": "2013-09-30T21:00:00Z",
    "dateReserved": "2013-02-19T00:00:00Z",
    "dateUpdated": "2024-08-06T15:27:41.093Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-5177
Vulnerability from cvelistv5
Published
2014-08-03 18:00
Modified
2024-08-06 11:34
Severity ?
Summary
libvirt 1.0.0 through 1.2.x before 1.2.5, when fine grained access control is enabled, allows local users to read arbitrary files via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virDomainDefineXML, (2) virNetworkCreateXML, (3) virNetworkDefineXML, (4) virStoragePoolCreateXML, (5) virStoragePoolDefineXML, (6) virStorageVolCreateXML, (7) virDomainCreateXML, (8) virNodeDeviceCreateXML, (9) virInterfaceDefineXML, (10) virStorageVolCreateXMLFrom, (11) virConnectDomainXMLFromNative, (12) virConnectDomainXMLToNative, (13) virSecretDefineXML, (14) virNWFilterDefineXML, (15) virDomainSnapshotCreateXML, (16) virDomainSaveImageDefineXML, (17) virDomainCreateXMLWithFiles, (18) virConnectCompareCPU, or (19) virConnectBaselineCPU API method, related to an XML External Entity (XXE) issue. NOTE: this issue was SPLIT from CVE-2014-0179 per ADT3 due to different affected versions of some vectors.
References
http://rhn.redhat.com/errata/RHSA-2014-0560.html (vendor-advisory, x_refsource_REDHAT)
http://libvirt.org/news.html (x_refsource_CONFIRM)
http://secunia.com/advisories/60895 (third-party-advisory, x_refsource_SECUNIA)
http://security.gentoo.org/glsa/glsa-201412-04.xml (vendor-advisory, x_refsource_GENTOO)
http://lists.opensuse.org/opensuse-updates/2014-05/msg00052.html (vendor-advisory, x_refsource_SUSE)
http://lists.opensuse.org/opensuse-updates/2014-05/msg00048.html (vendor-advisory, x_refsource_SUSE)
http://www.ubuntu.com/usn/USN-2366-1 (vendor-advisory, x_refsource_UBUNTU)
http://security.libvirt.org/2014/0003.html (x_refsource_CONFIRM)
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T11:34:37.613Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2014:0560",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-0560.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://libvirt.org/news.html"
          },
          {
            "name": "60895",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60895"
          },
          {
            "name": "GLSA-201412-04",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"
          },
          {
            "name": "openSUSE-SU-2014:0674",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00052.html"
          },
          {
            "name": "openSUSE-SU-2014:0650",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00048.html"
          },
          {
            "name": "USN-2366-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2366-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://security.libvirt.org/2014/0003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-05-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "libvirt 1.0.0 through 1.2.x before 1.2.5, when fine grained access control is enabled, allows local users to read arbitrary files via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virDomainDefineXML, (2) virNetworkCreateXML, (3) virNetworkDefineXML, (4) virStoragePoolCreateXML, (5) virStoragePoolDefineXML, (6) virStorageVolCreateXML, (7) virDomainCreateXML, (8) virNodeDeviceCreateXML, (9) virInterfaceDefineXML, (10) virStorageVolCreateXMLFrom, (11) virConnectDomainXMLFromNative, (12) virConnectDomainXMLToNative, (13) virSecretDefineXML, (14) virNWFilterDefineXML, (15) virDomainSnapshotCreateXML, (16) virDomainSaveImageDefineXML, (17) virDomainCreateXMLWithFiles, (18) virConnectCompareCPU, or (19) virConnectBaselineCPU API method, related to an XML External Entity (XXE) issue.  NOTE: this issue was SPLIT from CVE-2014-0179 per ADT3 due to different affected versions of some vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-12-12T13:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "RHSA-2014:0560",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-0560.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://libvirt.org/news.html"
        },
        {
          "name": "60895",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60895"
        },
        {
          "name": "GLSA-201412-04",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"
        },
        {
          "name": "openSUSE-SU-2014:0674",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00052.html"
        },
        {
          "name": "openSUSE-SU-2014:0650",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00048.html"
        },
        {
          "name": "USN-2366-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2366-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://security.libvirt.org/2014/0003.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-5177",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "libvirt 1.0.0 through 1.2.x before 1.2.5, when fine grained access control is enabled, allows local users to read arbitrary files via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virDomainDefineXML, (2) virNetworkCreateXML, (3) virNetworkDefineXML, (4) virStoragePoolCreateXML, (5) virStoragePoolDefineXML, (6) virStorageVolCreateXML, (7) virDomainCreateXML, (8) virNodeDeviceCreateXML, (9) virInterfaceDefineXML, (10) virStorageVolCreateXMLFrom, (11) virConnectDomainXMLFromNative, (12) virConnectDomainXMLToNative, (13) virSecretDefineXML, (14) virNWFilterDefineXML, (15) virDomainSnapshotCreateXML, (16) virDomainSaveImageDefineXML, (17) virDomainCreateXMLWithFiles, (18) virConnectCompareCPU, or (19) virConnectBaselineCPU API method, related to an XML External Entity (XXE) issue.  NOTE: this issue was SPLIT from CVE-2014-0179 per ADT3 due to different affected versions of some vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2014:0560",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2014-0560.html"
            },
            {
              "name": "http://libvirt.org/news.html",
              "refsource": "CONFIRM",
              "url": "http://libvirt.org/news.html"
            },
            {
              "name": "60895",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60895"
            },
            {
              "name": "GLSA-201412-04",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"
            },
            {
              "name": "openSUSE-SU-2014:0674",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00052.html"
            },
            {
              "name": "openSUSE-SU-2014:0650",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00048.html"
            },
            {
              "name": "USN-2366-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2366-1"
            },
            {
              "name": "http://security.libvirt.org/2014/0003.html",
              "refsource": "CONFIRM",
              "url": "http://security.libvirt.org/2014/0003.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-5177",
    "datePublished": "2014-08-03T18:00:00",
    "dateReserved": "2014-08-03T00:00:00",
    "dateUpdated": "2024-08-06T11:34:37.613Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-12430
Vulnerability from cvelistv5
Published
2020-04-28 00:00
Modified
2024-08-04 11:56
Severity ?
Summary
An issue was discovered in qemuDomainGetStatsIOThread in qemu/qemu_driver.c in libvirt 4.10.0 through 6.x before 6.1.0. A memory leak was found in the virDomainListGetStats libvirt API that is responsible for retrieving domain statistics when managing QEMU guests. This flaw allows unprivileged users with a read-only connection to cause a memory leak in the domstats command, resulting in a potential denial of service.


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:56:52.057Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1804548"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828190"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=9bf9e0ae6af38c806f4672ca7b12a6b38d5a9581"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200518-0003/"
          },
          {
            "name": "USN-4371-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4371-1/"
          },
          {
            "name": "FEDORA-2020-5cd83efda7",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D5GE6ISYUL3CIWO3FQRUGMKTKP2NYED2/"
          },
          {
            "name": "[debian-lts-announce] 20240401 [SECURITY] [DLA 3778-1] libvirt security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in qemuDomainGetStatsIOThread in qemu/qemu_driver.c in libvirt 4.10.0 though 6.x before 6.1.0. A memory leak was found in the virDomainListGetStats libvirt API that is responsible for retrieving domain statistics when managing QEMU guests. This flaw allows unprivileged users with a read-only connection to cause a memory leak in the domstats command, resulting in a potential denial of service."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-01T13:05:57.649976",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1804548"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828190"
        },
        {
          "url": "https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=9bf9e0ae6af38c806f4672ca7b12a6b38d5a9581"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20200518-0003/"
        },
        {
          "name": "USN-4371-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://usn.ubuntu.com/4371-1/"
        },
        {
          "name": "FEDORA-2020-5cd83efda7",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D5GE6ISYUL3CIWO3FQRUGMKTKP2NYED2/"
        },
        {
          "name": "[debian-lts-announce] 20240401 [SECURITY] [DLA 3778-1] libvirt security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-12430",
    "datePublished": "2020-04-28T00:00:00",
    "dateReserved": "2020-04-28T00:00:00",
    "dateUpdated": "2024-08-04T11:56:52.057Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2011-4600
Vulnerability from cvelistv5
Published
2016-04-14 15:00
Modified
2024-08-07 00:09
Severity ?
Summary
The networkReloadIptablesRules function in network/bridge_driver.c in libvirt before 0.9.9 does not properly handle firewall rules on bridge networks when libvirtd is restarted, which might allow remote attackers to bypass intended access restrictions via a (1) DNS or (2) DHCP query.


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:09:19.397Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://libvirt.org/news-2012.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commitdiff%3Bh=ae1232b298323dd7bef909426e2ebafa6bca9157"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=760442"
          },
          {
            "name": "USN-2867-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2867-1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-12-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The networkReloadIptablesRules function in network/bridge_driver.c in libvirt before 0.9.9 does not properly handle firewall rules on bridge networks when libvirtd is restarted, which might allow remote attackers to bypass intended access restrictions via a (1) DNS or (2) DHCP query."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-04-14T14:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://libvirt.org/news-2012.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commitdiff%3Bh=ae1232b298323dd7bef909426e2ebafa6bca9157"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=760442"
        },
        {
          "name": "USN-2867-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2867-1"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-4600",
    "datePublished": "2016-04-14T15:00:00",
    "dateReserved": "2011-11-29T00:00:00",
    "dateUpdated": "2024-08-07T00:09:19.397Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-2218
Vulnerability from cvelistv5
Published
2013-09-30 21:00
Modified
2024-08-06 15:27
Severity ?
Summary
Double free vulnerability in the virConnectListAllInterfaces method in interface/interface_backend_netcf.c in libvirt 1.0.6 allows remote attackers to cause a denial of service (libvirtd crash) via a filtering flag that causes an interface to be skipped, as demonstrated by the "virsh iface-list --inactive" command.


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T15:27:41.103Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=980112"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://libvirt.org/news.html"
          },
          {
            "name": "[oss-security] 20130701 CVE-2013-2218 -- libvirt: crash when listing network interfaces with filters",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2013/07/01/6"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=244e0b8cf15ca2ef48d82058e728656e6c4bad11"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Double free vulnerability in the virConnectListAllInterfaces method in interface/interface_backend_netcf.c in libvirt 1.0.6 allows remote attackers to cause a denial of service (libvirtd crash) via a filtering flag that causes an interface to be skipped, as demonstrated by the \"virsh iface-list --inactive\" command."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-09-30T21:00:00Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=980112"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://libvirt.org/news.html"
        },
        {
          "name": "[oss-security] 20130701 CVE-2013-2218 -- libvirt: crash when listing network interfaces with filters",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2013/07/01/6"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=244e0b8cf15ca2ef48d82058e728656e6c4bad11"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-2218",
    "datePublished": "2013-09-30T21:00:00Z",
    "dateReserved": "2013-02-19T00:00:00Z",
    "dateUpdated": "2024-08-06T15:27:41.103Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-4291
Vulnerability from cvelistv5
Published
2013-09-30 21:00
Modified
2024-08-06 16:38
Severity ?
Summary
The virSecurityManagerSetProcessLabel function in libvirt 0.10.2.7, 1.0.5.5, and 1.1.1, when the domain has read a uid:gid label, does not properly set group memberships, which allows local users to gain privileges.


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:38:01.938Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1006509"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://libvirt.org/news.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.libvirt.org/page/Maintenance_Releases"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commitdiff%3Bh=fe11d34a6d46d6641ce90dc665164fda7bb6bff8"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The virSecurityManagerSetProcessLabel function in libvirt 0.10.2.7, 1.0.5.5, and 1.1.1, when the domain has read an uid:gid label, does not properly set group memberships, which allows local users to gain privileges."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-09-30T21:00:00Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1006509"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://libvirt.org/news.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.libvirt.org/page/Maintenance_Releases"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commitdiff%3Bh=fe11d34a6d46d6641ce90dc665164fda7bb6bff8"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-4291",
    "datePublished": "2013-09-30T21:00:00Z",
    "dateReserved": "2013-06-12T00:00:00Z",
    "dateUpdated": "2024-08-06T16:38:01.938Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-10167
Vulnerability from cvelistv5
Published
2019-08-02 12:05
Modified
2024-08-04 22:10
Summary
The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an "emulatorbin" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges.


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T22:10:09.976Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/libvirt-privesc-vulnerabilities"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10167"
          },
          {
            "name": "GLSA-202003-18",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202003-18"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libvirt",
          "vendor": "libvirt",
          "versions": [
            {
              "status": "affected",
              "version": "4.x.x before 4.10.1"
            },
            {
              "status": "affected",
              "version": "5.x.x before 5.4.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an \"emulatorbin\" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain\u0027s capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "CWE-284",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-250",
              "description": "CWE-250",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-15T04:06:02",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://access.redhat.com/libvirt-privesc-vulnerabilities"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10167"
        },
        {
          "name": "GLSA-202003-18",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202003-18"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2019-10167",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "libvirt",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "4.x.x before 4.10.1"
                          },
                          {
                            "version_value": "5.x.x before 5.4.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "libvirt"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an \"emulatorbin\" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain\u0027s capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges."
            }
          ]
        },
        "impact": {
          "cvss": [
            [
              {
                "vectorString": "8.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            ]
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-284"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-250"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://access.redhat.com/libvirt-privesc-vulnerabilities",
              "refsource": "CONFIRM",
              "url": "https://access.redhat.com/libvirt-privesc-vulnerabilities"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10167",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10167"
            },
            {
              "name": "GLSA-202003-18",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202003-18"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2019-10167",
    "datePublished": "2019-08-02T12:05:52",
    "dateReserved": "2019-03-27T00:00:00",
    "dateUpdated": "2024-08-04T22:10:09.976Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-3559
Vulnerability from cvelistv5
Published
2021-05-24 11:55
Modified
2024-08-03 17:01
Severity ?
Summary
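A flaw was found in libvirt in the virConnectListAllNodeDevices API in versions before 7.0.0. It only affects hosts with a PCI device and driver that supports mediated devices (e.g., GRID driver). This flaw could be used by an unprivileged client with a read-only connection to crash the libvirt daemon by executing the 'nodedev-list' virsh command. The highest threat from this vulnerability is to system availability. Note that the record's affected-version field below lists "libvirt 7.0.0" as affected, which does not match "before 7.0.0"; confirm the affected and fixed versions against the referenced Red Hat bug before relying on either.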
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:01:07.894Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962306"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210706-0006/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libvirt",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "libvirt 7.0.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in libvirt in the virConnectListAllNodeDevices API in versions before 7.0.0. It only affects hosts with a PCI device and driver that supports mediated devices (e.g., GRID driver). This flaw could be used by an unprivileged client with a read-only connection to crash the libvirt daemon by executing the \u0027nodedev-list\u0027 virsh command. The highest threat from this vulnerability is to system availability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "CWE-119",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-06T07:06:29",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962306"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20210706-0006/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2021-3559",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "libvirt",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "libvirt 7.0.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A flaw was found in libvirt in the virConnectListAllNodeDevices API in versions before 7.0.0. It only affects hosts with a PCI device and driver that supports mediated devices (e.g., GRID driver). This flaw could be used by an unprivileged client with a read-only connection to crash the libvirt daemon by executing the \u0027nodedev-list\u0027 virsh command. The highest threat from this vulnerability is to system availability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1962306",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962306"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20210706-0006/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20210706-0006/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2021-3559",
    "datePublished": "2021-05-24T11:55:02",
    "dateReserved": "2021-05-19T00:00:00",
    "dateUpdated": "2024-08-03T17:01:07.894Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-4297
Vulnerability from cvelistv5
Published
2013-09-30 21:00
Modified
2024-08-06 16:38
Severity ?
Summary
The virFileNBDDeviceAssociate function in util/virfile.c in libvirt 1.1.2 and earlier allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via unspecified vectors.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:38:01.919Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "60895",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60895"
          },
          {
            "name": "GLSA-201412-04",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commitdiff%3Bh=2dba0323ff0cec31bdcea9dd3b2428af297401f2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4297"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-09-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The virFileNBDDeviceAssociate function in util/virfile.c in libvirt 1.1.2 and earlier allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-12-12T13:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "60895",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60895"
        },
        {
          "name": "GLSA-201412-04",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commitdiff%3Bh=2dba0323ff0cec31bdcea9dd3b2428af297401f2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4297"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-4297",
    "datePublished": "2013-09-30T21:00:00",
    "dateReserved": "2013-06-12T00:00:00",
    "dateUpdated": "2024-08-06T16:38:01.919Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-14339
Vulnerability from cvelistv5
Published
2020-12-03 00:00
Modified
2024-08-04 12:39
Severity ?
Summary
A flaw was found in libvirt, where it leaked a file descriptor for `/dev/mapper/control` into the QEMU process. This file descriptor allows for privileged operations to happen against the device-mapper on the host. This flaw allows a malicious guest user or process to perform operations outside of their standard permissions, potentially causing serious damage to the host operating system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:39:36.530Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860069"
          },
          {
            "name": "GLSA-202101-22",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202101-22"
          },
          {
            "name": "GLSA-202210-06",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202210-06"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libvirt",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "libvirt 6.6.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in libvirt, where it leaked a file descriptor for `/dev/mapper/control` into the QEMU process. This file descriptor allows for privileged operations to happen against the device-mapper on the host. This flaw allows a malicious guest user or process to perform operations outside of their standard permissions, potentially causing serious damage to the host operating system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-772",
              "description": "CWE-772",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-16T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860069"
        },
        {
          "name": "GLSA-202101-22",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202101-22"
        },
        {
          "name": "GLSA-202210-06",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202210-06"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2020-14339",
    "datePublished": "2020-12-03T00:00:00",
    "dateReserved": "2020-06-17T00:00:00",
    "dateUpdated": "2024-08-04T12:39:36.530Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-10132
Vulnerability from cvelistv5
Published
2019-05-22 17:21
Modified
2024-08-04 22:10
Summary
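A vulnerability was found in libvirt >= 4.1.0 in the virtlockd-admin.socket and virtlogd-admin.socket systemd units. A missing SocketMode configuration parameter allows any user on the host to connect using virtlockd-admin-sock or virtlogd-admin-sock and perform administrative tasks against the virtlockd and virtlogd daemons. When checking a host, inspect both socket units, including any local overrides, for a restrictive SocketMode setting, and check the permissions of the two admin sockets that were actually created.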
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T22:10:09.957Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://security.libvirt.org/2019/0003.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10132"
          },
          {
            "name": "RHSA-2019:1264",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1264"
          },
          {
            "name": "RHSA-2019:1268",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1268"
          },
          {
            "name": "FEDORA-2019-5f105dd2b6",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5RANC4LWZQRVJGJHVWCU6R4CCXQMDD4L/"
          },
          {
            "name": "RHSA-2019:1455",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1455"
          },
          {
            "name": "USN-4021-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4021-1/"
          },
          {
            "name": "FEDORA-2019-9210998aaa",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CYMNKXAUBZCFBBPFH64FJPH5EJH4GSU2/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libvirt",
          "vendor": "libvirt",
          "versions": [
            {
              "status": "affected",
              "version": "affects \u003e= 4.1.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in libvirt \u003e= 4.1.0 in the virtlockd-admin.socket and virtlogd-admin.socket systemd units. A missing SocketMode configuration parameter allows any user on the host to connect using virtlockd-admin-sock or virtlogd-admin-sock and perform administrative tasks against the virtlockd and virtlogd daemons."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-732",
              "description": "CWE-732",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-07-09T03:06:02",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://security.libvirt.org/2019/0003.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10132"
        },
        {
          "name": "RHSA-2019:1264",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1264"
        },
        {
          "name": "RHSA-2019:1268",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1268"
        },
        {
          "name": "FEDORA-2019-5f105dd2b6",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5RANC4LWZQRVJGJHVWCU6R4CCXQMDD4L/"
        },
        {
          "name": "RHSA-2019:1455",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1455"
        },
        {
          "name": "USN-4021-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4021-1/"
        },
        {
          "name": "FEDORA-2019-9210998aaa",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CYMNKXAUBZCFBBPFH64FJPH5EJH4GSU2/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2019-10132",
    "datePublished": "2019-05-22T17:21:19",
    "dateReserved": "2019-03-27T00:00:00",
    "dateUpdated": "2024-08-04T22:10:09.957Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2012-4423
Vulnerability from cvelistv5
Published
2012-11-19 11:00
Modified
2024-08-06 20:35
Severity ?
Summary
The virNetServerProgramDispatchCall function in libvirt before 0.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and segmentation fault) via an RPC call with (1) an event as the RPC number or (2) an RPC number whose value is in a "gap" in the RPC dispatch table.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T20:35:09.551Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commitdiff%3Bh=f8fbeb50d52520a109d71c8566fed2ea600650ec"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=b7ff9e696063189a715802d081d55a398663c15a"
          },
          {
            "name": "FEDORA-2012-15640",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090121.html"
          },
          {
            "name": "FEDORA-2012-15634",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089976.html"
          },
          {
            "name": "openSUSE-SU-2013:0274",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00001.html"
          },
          {
            "name": "1027649",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1027649"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=857133"
          },
          {
            "name": "[libvirt] 20120912 [PATCH] Fix libvirtd crash possibility",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/libvir-list/2012-September/msg00843.html"
          },
          {
            "name": "55541",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/55541"
          },
          {
            "name": "RHSA-2012:1359",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-1359.html"
          },
          {
            "name": "USN-1708-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1708-1"
          },
          {
            "name": "[oss-security] 20120913 Re: CVE Request -- libvirt: null function pointer  invocation in virNetServerProgramDispatchCall()",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/09/13/14"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-09-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The virNetServerProgramDispatchCall function in libvirt before 0.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and segmentation fault) via an RPC call with (1) an event as the RPC number or (2) an RPC number whose value is in a \"gap\" in the RPC dispatch table."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-01-29T10:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commitdiff%3Bh=f8fbeb50d52520a109d71c8566fed2ea600650ec"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=b7ff9e696063189a715802d081d55a398663c15a"
        },
        {
          "name": "FEDORA-2012-15640",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090121.html"
        },
        {
          "name": "FEDORA-2012-15634",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089976.html"
        },
        {
          "name": "openSUSE-SU-2013:0274",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00001.html"
        },
        {
          "name": "1027649",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1027649"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=857133"
        },
        {
          "name": "[libvirt] 20120912 [PATCH] Fix libvirtd crash possibility",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://www.redhat.com/archives/libvir-list/2012-September/msg00843.html"
        },
        {
          "name": "55541",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/55541"
        },
        {
          "name": "RHSA-2012:1359",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-1359.html"
        },
        {
          "name": "USN-1708-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1708-1"
        },
        {
          "name": "[oss-security] 20120913 Re: CVE Request -- libvirt: null function pointer  invocation in virNetServerProgramDispatchCall()",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/09/13/14"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-4423",
    "datePublished": "2012-11-19T11:00:00",
    "dateReserved": "2012-08-21T00:00:00",
    "dateUpdated": "2024-08-06T20:35:09.551Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-3672
Vulnerability from cvelistv5
Published
2016-05-25 15:00
Modified
2024-08-06 10:50
Severity ?
Summary
The qemu implementation in libvirt before 1.3.0 and Xen allows local guest OS users to cause a denial of service (host disk consumption) by writing to stdout or stderr.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:50:18.249Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://xenbits.xen.org/xsa/advisory-180.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://libvirt.org/news-2015.html"
          },
          {
            "name": "1035945",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1035945"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=0d968ad715475a1660779bcdd2c5b38ad63db4cf"
          },
          {
            "name": "[oss-security] 20160524 CVE-2014-3672 libvirt: DoS via excessive logging",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/05/24/5"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-11-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The qemu implementation in libvirt before 1.3.0 and Xen allows local guest OS users to cause a denial of service (host disk consumption) by writing to stdout or stderr."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-09-07T14:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://xenbits.xen.org/xsa/advisory-180.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://libvirt.org/news-2015.html"
        },
        {
          "name": "1035945",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1035945"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=0d968ad715475a1660779bcdd2c5b38ad63db4cf"
        },
        {
          "name": "[oss-security] 20160524 CVE-2014-3672 libvirt: DoS via excessive logging",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/05/24/5"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2014-3672",
    "datePublished": "2016-05-25T15:00:00",
    "dateReserved": "2014-05-14T00:00:00",
    "dateUpdated": "2024-08-06T10:50:18.249Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-7823
Vulnerability from cvelistv5
Published
2014-11-13 15:00
Modified
2024-08-06 13:03
Severity ?
Summary
The virDomainGetXMLDesc API in Libvirt before 1.2.11 allows remote read-only users to obtain the VNC password by using the VIR_DOMAIN_XML_MIGRATABLE flag, which triggers the use of the VIR_DOMAIN_XML_SECURE flag.
References
http://secunia.com/advisories/62058 — third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/60895 — third-party-advisory, x_refsource_SECUNIA
http://security.gentoo.org/glsa/glsa-201412-04.xml — vendor-advisory, x_refsource_GENTOO
http://secunia.com/advisories/62303 — third-party-advisory, x_refsource_SECUNIA
http://www.ubuntu.com/usn/USN-2404-1 — vendor-advisory, x_refsource_UBUNTU
http://lists.opensuse.org/opensuse-updates/2014-11/msg00083.html — vendor-advisory, x_refsource_SUSE
http://secunia.com/advisories/60010 — third-party-advisory, x_refsource_SECUNIA
http://security.libvirt.org/2014/0007.html — x_refsource_CONFIRM
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:03:27.067Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "62058",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/62058"
          },
          {
            "name": "60895",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60895"
          },
          {
            "name": "GLSA-201412-04",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"
          },
          {
            "name": "62303",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/62303"
          },
          {
            "name": "USN-2404-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2404-1"
          },
          {
            "name": "openSUSE-SU-2014:1471",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00083.html"
          },
          {
            "name": "60010",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60010"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://security.libvirt.org/2014/0007.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-11-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The virDomainGetXMLDesc API in Libvirt before 1.2.11 allows remote read-only users to obtain the VNC password by using the VIR_DOMAIN_XML_MIGRATABLE flag, which triggers the use of the VIR_DOMAIN_XML_SECURE flag."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-30T16:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "62058",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/62058"
        },
        {
          "name": "60895",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60895"
        },
        {
          "name": "GLSA-201412-04",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"
        },
        {
          "name": "62303",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/62303"
        },
        {
          "name": "USN-2404-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2404-1"
        },
        {
          "name": "openSUSE-SU-2014:1471",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00083.html"
        },
        {
          "name": "60010",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60010"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://security.libvirt.org/2014/0007.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2014-7823",
    "datePublished": "2014-11-13T15:00:00",
    "dateReserved": "2014-10-03T00:00:00",
    "dateUpdated": "2024-08-06T13:03:27.067Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-8135
Vulnerability from cvelistv5
Published
2014-12-19 15:00
Modified
2024-08-06 13:10
Severity ?
Summary
The storageVolUpload function in storage/storage_driver.c in libvirt before 1.2.11 does not check a certain return value, which allows local users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted offset value in a "virsh vol-upload" command.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:10:50.862Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "61111",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61111"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=87b9437f8951f9d24f9a85c6bbfff0e54df8c984"
          },
          {
            "name": "openSUSE-SU-2015:0008",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00005.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1087104"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://security.libvirt.org/2014/0009.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-12-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The storageVolUpload function in storage/storage_driver.c in libvirt before 1.2.11 does not check a certain return value, which allows local users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted offset value in a \"virsh vol-upload\" command."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-01-06T12:57:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "61111",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61111"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=87b9437f8951f9d24f9a85c6bbfff0e54df8c984"
        },
        {
          "name": "openSUSE-SU-2015:0008",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00005.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1087104"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://security.libvirt.org/2014/0009.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2014-8135",
    "datePublished": "2014-12-19T15:00:00",
    "dateReserved": "2014-10-10T00:00:00",
    "dateUpdated": "2024-08-06T13:10:50.862Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-6457
Vulnerability from cvelistv5
Published
2014-01-24 18:00
Modified
2024-08-06 17:39
Severity ?
Summary
The libxlDomainGetNumaParameters function in the libxl driver (libxl/libxl_driver.c) in libvirt before 1.2.1 does not properly initialize the nodemap, which allows local users to cause a denial of service (invalid free operation and crash) or possibly execute arbitrary code via an inactive domain to the virsh numatune command.
References
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T17:39:01.627Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-2093-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2093-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://libvirt.org/news.html"
          },
          {
            "name": "60895",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60895"
          },
          {
            "name": "GLSA-201412-04",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"
          },
          {
            "name": "openSUSE-SU-2014:0268",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00060.html"
          },
          {
            "name": "[libvirt] 20131220 [PATCH] libxl: avoid crashing if calling `virsh numatune\u0027 on inactive domain",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/libvir-list/2013-December/msg01176.html"
          },
          {
            "name": "[libvirt] 20131224 CVE-2013-6457 Re: [PATCH] libxl: avoid crashing if calling `virsh numatune\u0027 on inactive domain",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/libvir-list/2013-December/msg01258.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1048629"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-12-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The libxlDomainGetNumaParameters function in the libxl driver (libxl/libxl_driver.c) in libvirt before 1.2.1 does not properly initialize the nodemap, which allows local users to cause a denial of service (invalid free operation and crash) or possibly execute arbitrary code via an inactive domain to the virsh numatune command."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-12-12T13:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "USN-2093-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2093-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://libvirt.org/news.html"
        },
        {
          "name": "60895",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60895"
        },
        {
          "name": "GLSA-201412-04",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"
        },
        {
          "name": "openSUSE-SU-2014:0268",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00060.html"
        },
        {
          "name": "[libvirt] 20131220 [PATCH] libxl: avoid crashing if calling `virsh numatune\u0027 on inactive domain",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://www.redhat.com/archives/libvir-list/2013-December/msg01176.html"
        },
        {
          "name": "[libvirt] 20131224 CVE-2013-6457 Re: [PATCH] libxl: avoid crashing if calling `virsh numatune\u0027 on inactive domain",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://www.redhat.com/archives/libvir-list/2013-December/msg01258.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1048629"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-6457",
    "datePublished": "2014-01-24T18:00:00",
    "dateReserved": "2013-11-04T00:00:00",
    "dateUpdated": "2024-08-06T17:39:01.627Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-3750
Vulnerability from cvelistv5
Published
2023-07-24 15:19
Modified
2024-12-03 15:25
Summary
A flaw was found in libvirt. The virStoragePoolObjListSearch function does not return a locked pool as expected, resulting in a race condition and denial of service when attempting to lock the same object from another thread. This issue could allow clients connecting to the read-only socket to crash the libvirt daemon.
References
https://access.redhat.com/errata/RHSA-2023:6409 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-3750 — vdb-entry, x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2222210 — issue-tracking, x_refsource_REDHAT
Impacted products
Vendor Product Version
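Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
Red Hat Red Hat Enterprise Linux 8 Advanced Virtualization     cpe:/a:redhat:advanced_virtualization:8::el8
Note: in the CNA record below, these four products carry defaultStatus "unaffected"; Red Hat Enterprise Linux 9 (package libvirt) is the entry with defaultStatus "affected", marked unaffected from version 0:9.5.0-7.el9_3.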


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:01:57.521Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2023:6409",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2023:6409"
          },
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2023-3750"
          },
          {
            "name": "RHBZ#2222210",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222210"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVK6JKP36CHE7YAFDJNPNLTW4OWJJ7TQ/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-3750",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-12T17:10:30.759511Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-03T15:25:47.319Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::crb",
            "cpe:/a:redhat:enterprise_linux:9::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libvirt",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:9.5.0-7.el9_3",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unaffected",
          "packageName": "libvirt",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unaffected",
          "packageName": "libvirt",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "unaffected",
          "packageName": "virt:rhel/libvirt",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:advanced_virtualization:8::el8"
          ],
          "defaultStatus": "unaffected",
          "packageName": "virt:av/libvirt",
          "product": "Red Hat Enterprise Linux 8 Advanced Virtualization",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2023-07-18T00:00:00+00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in libvirt. The virStoragePoolObjListSearch function does not return a locked pool as expected, resulting in a race condition and denial of service when attempting to lock the same object from another thread. This issue could allow clients connecting to the read-only socket to crash the libvirt daemon."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-667",
              "description": "Improper Locking",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-15T16:29:21.978Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2023:6409",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2023:6409"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2023-3750"
        },
        {
          "name": "RHBZ#2222210",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222210"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-07-11T00:00:00+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2023-07-18T00:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Libvirt: improper locking in virstoragepoolobjlistsearch may lead to denial of service",
      "x_redhatCweChain": "CWE-667: Improper Locking"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2023-3750",
    "datePublished": "2023-07-24T15:19:22.512Z",
    "dateReserved": "2023-07-18T15:26:47.625Z",
    "dateUpdated": "2024-12-03T15:25:47.319Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2011-1486
Vulnerability from cvelistv5
Published
2011-05-31 20:00
Modified
2024-08-06 22:28
Severity ?
Summary
libvirtd in libvirt before 0.9.0 does not use thread-safe error reporting, which allows remote attackers to cause a denial of service (crash) by causing multiple threads to report errors at the same time.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:28:41.462Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/css/P8/documents/100134583"
          },
          {
            "name": "44459",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44459"
          },
          {
            "name": "RHSA-2011:0479",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2011-0479.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=f44bfb7fb978c9313ce050a1c4149bf04aa0a670"
          },
          {
            "name": "1025477",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1025477"
          },
          {
            "name": "47148",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/47148"
          },
          {
            "name": "USN-1152-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1152-1"
          },
          {
            "name": "RHSA-2011:0478",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2011-0478.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=693391"
          },
          {
            "name": "[libvirt] 20110323 [PATCH] Make error reporting in libvirtd thread safe",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/libvir-list/2011-March/msg01087.html"
          },
          {
            "name": "DSA-2280",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2011/dsa-2280"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-03-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "libvirtd in libvirt before 0.9.0 does not use thread-safe error reporting, which allows remote attackers to cause a denial of service (crash) by causing multiple threads to report errors at the same time."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2011-08-12T09:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/css/P8/documents/100134583"
        },
        {
          "name": "44459",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44459"
        },
        {
          "name": "RHSA-2011:0479",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2011-0479.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=f44bfb7fb978c9313ce050a1c4149bf04aa0a670"
        },
        {
          "name": "1025477",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1025477"
        },
        {
          "name": "47148",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/47148"
        },
        {
          "name": "USN-1152-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1152-1"
        },
        {
          "name": "RHSA-2011:0478",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2011-0478.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=693391"
        },
        {
          "name": "[libvirt] 20110323 [PATCH] Make error reporting in libvirtd thread safe",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://www.redhat.com/archives/libvir-list/2011-March/msg01087.html"
        },
        {
          "name": "DSA-2280",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2011/dsa-2280"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-1486",
    "datePublished": "2011-05-31T20:00:00",
    "dateReserved": "2011-03-21T00:00:00",
    "dateUpdated": "2024-08-06T22:28:41.462Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-10161
Vulnerability from cvelistv5
Published
2019-07-30 22:14
Modified
2024-08-04 22:10
Summary
It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use this to probe the existence of arbitrary files, cause denial of service or cause libvirtd to execute arbitrary programs.


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T22:10:10.036Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10161"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/libvirt-privesc-vulnerabilities"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=aed6a032cead4386472afb24b16196579e239580"
          },
          {
            "name": "USN-4047-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4047-2/"
          },
          {
            "name": "GLSA-202003-18",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202003-18"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libvirt",
          "vendor": "Libvirt",
          "versions": [
            {
              "status": "affected",
              "version": "fixed in 4.10.1"
            },
            {
              "status": "affected",
              "version": "fixed in 5.4.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use this to probe the existence of arbitrary files, cause denial of service or cause libvirtd to execute arbitrary programs."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "CWE-284",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-15T04:06:02",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10161"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://access.redhat.com/libvirt-privesc-vulnerabilities"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=aed6a032cead4386472afb24b16196579e239580"
        },
        {
          "name": "USN-4047-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4047-2/"
        },
        {
          "name": "GLSA-202003-18",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202003-18"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2019-10161",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "libvirt",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "fixed in 4.10.1"
                          },
                          {
                            "version_value": "fixed in 5.4.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Libvirt"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use this to probe the existence of arbitrary files, cause denial of service or cause libvirtd to execute arbitrary programs."
            }
          ]
        },
        "impact": {
          "cvss": [
            [
              {
                "vectorString": "8.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            ]
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-284"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10161",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10161"
            },
            {
              "name": "https://access.redhat.com/libvirt-privesc-vulnerabilities",
              "refsource": "CONFIRM",
              "url": "https://access.redhat.com/libvirt-privesc-vulnerabilities"
            },
            {
              "name": "https://libvirt.org/git/?p=libvirt.git;a=commit;h=aed6a032cead4386472afb24b16196579e239580",
              "refsource": "CONFIRM",
              "url": "https://libvirt.org/git/?p=libvirt.git;a=commit;h=aed6a032cead4386472afb24b16196579e239580"
            },
            {
              "name": "USN-4047-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4047-2/"
            },
            {
              "name": "GLSA-202003-18",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202003-18"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2019-10161",
    "datePublished": "2019-07-30T22:14:10",
    "dateReserved": "2019-03-27T00:00:00",
    "dateUpdated": "2024-08-04T22:10:10.036Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-3667
Vulnerability from cvelistv5
Published
2022-03-02 00:00
Modified
2024-08-03 17:01
Severity ?
Summary
An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure. Clients connecting to the read-write socket with limited ACL permissions could use this flaw to acquire the lock and prevent other users from accessing storage pool/volume APIs, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. Note that the record below gives no structured version range: its only version entry reads "Fixedin - libvert v7.6.0-rc1 and above" with status "affected", which is best read as "fixed in libvirt v7.6.0-rc1 and later".


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:01:08.343Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1986094"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=447f69dec47e1b0bd15ecd7cd49a9fd3b050fb87"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libvirt/libvirt/-/commit/447f69dec47e1b0bd15ecd7cd49a9fd3b050fb87"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220331-0005/"
          },
          {
            "name": "GLSA-202210-06",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202210-06"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libvirt",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Fixedin - libvert v7.6.0-rc1 and above"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure. Clients connecting to the read-write socket with limited ACL permissions could use this flaw to acquire the lock and prevent other users from accessing storage pool/volume APIs, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-667",
              "description": "CWE-667  (improper Locking)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-16T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1986094"
        },
        {
          "url": "https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=447f69dec47e1b0bd15ecd7cd49a9fd3b050fb87"
        },
        {
          "url": "https://gitlab.com/libvirt/libvirt/-/commit/447f69dec47e1b0bd15ecd7cd49a9fd3b050fb87"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20220331-0005/"
        },
        {
          "name": "GLSA-202210-06",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202210-06"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2021-3667",
    "datePublished": "2022-03-02T00:00:00",
    "dateReserved": "2021-07-27T00:00:00",
    "dateUpdated": "2024-08-03T17:01:08.343Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-1064
Vulnerability from cvelistv5
Published
2018-03-28 18:00
Modified
2024-09-17 01:51
Severity ?
Summary
libvirt versions before 4.2.0-rc1 are vulnerable to resource exhaustion because the fix for CVE-2018-5748 was incomplete: CVE-2018-5748 affects the QEMU monitor, and the same resource exhaustion can also be triggered via the QEMU guest agent.


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:51:47.308Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-3680-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3680-1/"
          },
          {
            "name": "RHSA-2018:1396",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1396"
          },
          {
            "name": "DSA-4137",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4137"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=fbf31e1a4cd19d6f6e33e0937a009775cd7d9513"
          },
          {
            "name": "RHSA-2018:1929",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1929"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550672"
          },
          {
            "name": "[debian-lts-announce] 20180324 [SECURITY] [DLA 1315-1] libvirt security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00018.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libvirt",
          "vendor": "libvirt",
          "versions": [
            {
              "status": "affected",
              "version": "before 4.2.0-rc1"
            }
          ]
        }
      ],
      "datePublic": "2018-03-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "libvirt version before 4.2.0-rc1 is vulnerable to a resource exhaustion as a result of an incomplete fix for CVE-2018-5748 that affects QEMU monitor but now also triggered via QEMU guest agent."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-06-19T09:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "USN-3680-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3680-1/"
        },
        {
          "name": "RHSA-2018:1396",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1396"
        },
        {
          "name": "DSA-4137",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4137"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=fbf31e1a4cd19d6f6e33e0937a009775cd7d9513"
        },
        {
          "name": "RHSA-2018:1929",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1929"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550672"
        },
        {
          "name": "[debian-lts-announce] 20180324 [SECURITY] [DLA 1315-1] libvirt security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00018.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "DATE_PUBLIC": "2018-03-14T00:00:00",
          "ID": "CVE-2018-1064",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "libvirt",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "before 4.2.0-rc1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "libvirt"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "libvirt version before 4.2.0-rc1 is vulnerable to a resource exhaustion as a result of an incomplete fix for CVE-2018-5748 that affects QEMU monitor but now also triggered via QEMU guest agent."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-400"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-3680-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3680-1/"
            },
            {
              "name": "RHSA-2018:1396",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1396"
            },
            {
              "name": "DSA-4137",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4137"
            },
            {
              "name": "https://libvirt.org/git/?p=libvirt.git;a=commit;h=fbf31e1a4cd19d6f6e33e0937a009775cd7d9513",
              "refsource": "CONFIRM",
              "url": "https://libvirt.org/git/?p=libvirt.git;a=commit;h=fbf31e1a4cd19d6f6e33e0937a009775cd7d9513"
            },
            {
              "name": "RHSA-2018:1929",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1929"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1550672",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550672"
            },
            {
              "name": "[debian-lts-announce] 20180324 [SECURITY] [DLA 1315-1] libvirt security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00018.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2018-1064",
    "datePublished": "2018-03-28T18:00:00Z",
    "dateReserved": "2017-12-04T00:00:00",
    "dateUpdated": "2024-09-17T01:51:12.642Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-1447
Vulnerability from cvelistv5
Published
2014-01-24 18:00
Modified
2024-08-06 09:42
Severity ?
Summary
Race condition in the virNetServerClientStartKeepAlive function in libvirt before 1.2.1 allows remote attackers to cause a denial of service (libvirtd crash) by closing a connection before a keepalive response is sent.
References
http://www.ubuntu.com/usn/USN-2093-1 - vendor-advisory, x_refsource_UBUNTU
http://secunia.com/advisories/56446 - third-party-advisory, x_refsource_SECUNIA
http://www.debian.org/security/2014/dsa-2846 - vendor-advisory, x_refsource_DEBIAN
http://libvirt.org/news.html - x_refsource_CONFIRM
http://secunia.com/advisories/60895 - third-party-advisory, x_refsource_SECUNIA
http://security.gentoo.org/glsa/glsa-201412-04.xml - vendor-advisory, x_refsource_GENTOO
http://secunia.com/advisories/56321 - third-party-advisory, x_refsource_SECUNIA
http://lists.opensuse.org/opensuse-updates/2014-02/msg00060.html - vendor-advisory, x_refsource_SUSE
http://www.securitytracker.com/id/1029695 - vdb-entry, x_refsource_SECTRACK
http://rhn.redhat.com/errata/RHSA-2014-0103.html - vendor-advisory, x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=1047577 - x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-updates/2014-02/msg00062.html - vendor-advisory, x_refsource_SUSE


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T09:42:35.427Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-2093-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2093-1"
          },
          {
            "name": "56446",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/56446"
          },
          {
            "name": "DSA-2846",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-2846"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://libvirt.org/news.html"
          },
          {
            "name": "60895",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60895"
          },
          {
            "name": "GLSA-201412-04",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"
          },
          {
            "name": "56321",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/56321"
          },
          {
            "name": "openSUSE-SU-2014:0268",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00060.html"
          },
          {
            "name": "1029695",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1029695"
          },
          {
            "name": "RHSA-2014:0103",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-0103.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1047577"
          },
          {
            "name": "openSUSE-SU-2014:0270",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00062.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-01-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Race condition in the virNetServerClientStartKeepAlive function in libvirt before 1.2.1 allows remote attackers to cause a denial of service (libvirtd crash) by closing a connection before a keepalive response is sent."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-12-12T13:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "USN-2093-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2093-1"
        },
        {
          "name": "56446",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/56446"
        },
        {
          "name": "DSA-2846",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2014/dsa-2846"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://libvirt.org/news.html"
        },
        {
          "name": "60895",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60895"
        },
        {
          "name": "GLSA-201412-04",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"
        },
        {
          "name": "56321",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/56321"
        },
        {
          "name": "openSUSE-SU-2014:0268",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00060.html"
        },
        {
          "name": "1029695",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1029695"
        },
        {
          "name": "RHSA-2014:0103",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-0103.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1047577"
        },
        {
          "name": "openSUSE-SU-2014:0270",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00062.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-1447",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Race condition in the virNetServerClientStartKeepAlive function in libvirt before 1.2.1 allows remote attackers to cause a denial of service (libvirtd crash) by closing a connection before a keepalive response is sent."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-2093-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2093-1"
            },
            {
              "name": "56446",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/56446"
            },
            {
              "name": "DSA-2846",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2014/dsa-2846"
            },
            {
              "name": "http://libvirt.org/news.html",
              "refsource": "CONFIRM",
              "url": "http://libvirt.org/news.html"
            },
            {
              "name": "60895",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60895"
            },
            {
              "name": "GLSA-201412-04",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"
            },
            {
              "name": "56321",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/56321"
            },
            {
              "name": "openSUSE-SU-2014:0268",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00060.html"
            },
            {
              "name": "1029695",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1029695"
            },
            {
              "name": "RHSA-2014:0103",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2014-0103.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1047577",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1047577"
            },
            {
              "name": "openSUSE-SU-2014:0270",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00062.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-1447",
    "datePublished": "2014-01-24T18:00:00",
    "dateReserved": "2014-01-14T00:00:00",
    "dateUpdated": "2024-08-06T09:42:35.427Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-1962
Vulnerability from cvelistv5
Published
2013-05-29 00:00
Modified
2024-08-06 15:20
Severity ?
Summary
The remoteDispatchStoragePoolListAllVolumes function in the storage pool manager in libvirt 1.0.5 allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of requests "to list all volumes for the particular pool."
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T15:20:37.319Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "FEDORA-2013-8635",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106906.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=ca697e90d5bd6a6dfb94bfb6d4438bdf9a44b739"
          },
          {
            "name": "[oss-security] 20130516 CVE-2013-1962 libvirt: DoS (max count of open files exhaustion) due sockets leak in the storage pool",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2013/05/16/9"
          },
          {
            "name": "FEDORA-2013-8681",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106921.html"
          },
          {
            "name": "93451",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/93451"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=953107"
          },
          {
            "name": "USN-1895-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1895-1"
          },
          {
            "name": "59937",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/59937"
          },
          {
            "name": "53475",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/53475"
          },
          {
            "name": "53440",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/53440"
          },
          {
            "name": "RHSA-2013:0831",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-0831.html"
          },
          {
            "name": "1028577",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1028577"
          },
          {
            "name": "openSUSE-SU-2013:0885",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00022.html"
          },
          {
            "name": "libvirt-cve20131962-dos(84341)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84341"
          },
          {
            "name": "[libvir-list] 20130516 [libvirt] [PATCH] daemon: fix leak after listing all volumes",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/libvir-list/2013-May/msg01222.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-05-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The remoteDispatchStoragePoolListAllVolumes function in the storage pool manager in libvirt 1.0.5 allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of requests \"to list all volumes for the particular pool.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "FEDORA-2013-8635",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106906.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=ca697e90d5bd6a6dfb94bfb6d4438bdf9a44b739"
        },
        {
          "name": "[oss-security] 20130516 CVE-2013-1962 libvirt: DoS (max count of open files exhaustion) due sockets leak in the storage pool",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2013/05/16/9"
        },
        {
          "name": "FEDORA-2013-8681",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106921.html"
        },
        {
          "name": "93451",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/93451"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=953107"
        },
        {
          "name": "USN-1895-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1895-1"
        },
        {
          "name": "59937",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/59937"
        },
        {
          "name": "53475",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/53475"
        },
        {
          "name": "53440",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/53440"
        },
        {
          "name": "RHSA-2013:0831",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-0831.html"
        },
        {
          "name": "1028577",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1028577"
        },
        {
          "name": "openSUSE-SU-2013:0885",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00022.html"
        },
        {
          "name": "libvirt-cve20131962-dos(84341)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84341"
        },
        {
          "name": "[libvir-list] 20130516 [libvirt] [PATCH] daemon: fix leak after listing all volumes",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://www.redhat.com/archives/libvir-list/2013-May/msg01222.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-1962",
    "datePublished": "2013-05-29T00:00:00",
    "dateReserved": "2013-02-19T00:00:00",
    "dateUpdated": "2024-08-06T15:20:37.319Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-2635
Vulnerability from cvelistv5
Published
2018-08-22 21:00
Modified
2024-08-05 14:02
Summary
A NULL pointer dereference flaw was found in the way libvirt from 2.5.0 to 3.0.0 handled empty drives. A remote authenticated attacker could use this flaw to crash the libvirtd daemon, resulting in denial of service.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:02:06.995Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2635"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=c3de387380f6057ee0e46cd9f2f0a092e8070875"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libvirt",
          "vendor": "The libvirt Project",
          "versions": [
            {
              "status": "affected",
              "version": "from 2.5.0 to 3.0.0"
            }
          ]
        }
      ],
      "datePublic": "2017-02-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A NULL pointer deference flaw was found in the way libvirt from 2.5.0 to 3.0.0 handled empty drives. A remote authenticated attacker could use this flaw to crash libvirtd daemon resulting in denial of service."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "CWE-476",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-08-22T20:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2635"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=c3de387380f6057ee0e46cd9f2f0a092e8070875"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2017-2635",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "libvirt",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "from 2.5.0 to 3.0.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "The libvirt Project"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A NULL pointer deference flaw was found in the way libvirt from 2.5.0 to 3.0.0 handled empty drives. A remote authenticated attacker could use this flaw to crash libvirtd daemon resulting in denial of service."
            }
          ]
        },
        "impact": {
          "cvss": [
            [
              {
                "vectorString": "7.7/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.0"
              }
            ]
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-476"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2635",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2635"
            },
            {
              "name": "https://libvirt.org/git/?p=libvirt.git;a=commit;h=c3de387380f6057ee0e46cd9f2f0a092e8070875",
              "refsource": "CONFIRM",
              "url": "https://libvirt.org/git/?p=libvirt.git;a=commit;h=c3de387380f6057ee0e46cd9f2f0a092e8070875"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2017-2635",
    "datePublished": "2018-08-22T21:00:00",
    "dateReserved": "2016-12-01T00:00:00",
    "dateUpdated": "2024-08-05T14:02:06.995Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-5748
Vulnerability from cvelistv5
Published
2018-01-25 16:00
Modified
2024-08-05 05:40
Severity ?
Summary
qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply.
References
https://access.redhat.com/errata/RHSA-2018:1396 (vendor-advisory, x_refsource_REDHAT)
https://www.debian.org/security/2018/dsa-4137 (vendor-advisory, x_refsource_DEBIAN)
https://www.redhat.com/archives/libvir-list/2018-January/msg00527.html (mailing-list, x_refsource_MLIST)
https://access.redhat.com/errata/RHSA-2018:1929 (vendor-advisory, x_refsource_REDHAT)
http://www.securityfocus.com/bid/102825 (vdb-entry, x_refsource_BID)
https://lists.debian.org/debian-lts-announce/2018/03/msg00018.html (mailing-list, x_refsource_MLIST)
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T05:40:51.279Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2018:1396",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1396"
          },
          {
            "name": "DSA-4137",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4137"
          },
          {
            "name": "[libvir-list] 20180116 [PATCH] qemu: avoid denial of service reading from QEMU monitor (CVE-2018-xxxx)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/libvir-list/2018-January/msg00527.html"
          },
          {
            "name": "RHSA-2018:1929",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1929"
          },
          {
            "name": "102825",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102825"
          },
          {
            "name": "[debian-lts-announce] 20180324 [SECURITY] [DLA 1315-1] libvirt security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00018.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-01-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-06-19T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "RHSA-2018:1396",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1396"
        },
        {
          "name": "DSA-4137",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4137"
        },
        {
          "name": "[libvir-list] 20180116 [PATCH] qemu: avoid denial of service reading from QEMU monitor (CVE-2018-xxxx)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://www.redhat.com/archives/libvir-list/2018-January/msg00527.html"
        },
        {
          "name": "RHSA-2018:1929",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1929"
        },
        {
          "name": "102825",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102825"
        },
        {
          "name": "[debian-lts-announce] 20180324 [SECURITY] [DLA 1315-1] libvirt security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00018.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-5748",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2018:1396",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1396"
            },
            {
              "name": "DSA-4137",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4137"
            },
            {
              "name": "[libvir-list] 20180116 [PATCH] qemu: avoid denial of service reading from QEMU monitor (CVE-2018-xxxx)",
              "refsource": "MLIST",
              "url": "https://www.redhat.com/archives/libvir-list/2018-January/msg00527.html"
            },
            {
              "name": "RHSA-2018:1929",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1929"
            },
            {
              "name": "102825",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102825"
            },
            {
              "name": "[debian-lts-announce] 20180324 [SECURITY] [DLA 1315-1] libvirt security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00018.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-5748",
    "datePublished": "2018-01-25T16:00:00",
    "dateReserved": "2018-01-17T00:00:00",
    "dateUpdated": "2024-08-05T05:40:51.279Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-5651
Vulnerability from cvelistv5
Published
2013-09-30 21:00
Modified
2024-08-06 17:15
Severity ?
Summary
The virBitmapParse function in util/virbitmap.c in libvirt before 1.1.2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a crafted bitmap, as demonstrated by a large nodeset value to numatune.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T17:15:21.455Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://libvirt.org/news.html"
          },
          {
            "name": "60895",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60895"
          },
          {
            "name": "GLSA-201412-04",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=47b9127e883677a0d60d767030a147450e919a25"
          },
          {
            "name": "USN-1954-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1954-1"
          },
          {
            "name": "[oss-security] 20130830 Re: CVE request -- libvirt: virBitmapParse out-of-bounds read access",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2013/08/30/1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=997367"
          },
          {
            "name": "openSUSE-SU-2013:1550",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00024.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-08-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The virBitmapParse function in util/virbitmap.c in libvirt before 1.1.2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a crafted bitmap, as demonstrated by a large nodeset value to numatune."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-12-12T13:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://libvirt.org/news.html"
        },
        {
          "name": "60895",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60895"
        },
        {
          "name": "GLSA-201412-04",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=47b9127e883677a0d60d767030a147450e919a25"
        },
        {
          "name": "USN-1954-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1954-1"
        },
        {
          "name": "[oss-security] 20130830 Re: CVE request -- libvirt: virBitmapParse out-of-bounds read access",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2013/08/30/1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=997367"
        },
        {
          "name": "openSUSE-SU-2013:1550",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00024.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-5651",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The virBitmapParse function in util/virbitmap.c in libvirt before 1.1.2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a crafted bitmap, as demonstrated by a large nodeset value to numatune."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://libvirt.org/news.html",
              "refsource": "CONFIRM",
              "url": "http://libvirt.org/news.html"
            },
            {
              "name": "60895",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60895"
            },
            {
              "name": "GLSA-201412-04",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"
            },
            {
              "name": "http://libvirt.org/git/?p=libvirt.git;a=commit;h=47b9127e883677a0d60d767030a147450e919a25",
              "refsource": "CONFIRM",
              "url": "http://libvirt.org/git/?p=libvirt.git;a=commit;h=47b9127e883677a0d60d767030a147450e919a25"
            },
            {
              "name": "USN-1954-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1954-1"
            },
            {
              "name": "[oss-security] 20130830 Re: CVE request -- libvirt: virBitmapParse out-of-bounds read access",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2013/08/30/1"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=997367",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=997367"
            },
            {
              "name": "openSUSE-SU-2013:1550",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00024.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2013-5651",
    "datePublished": "2013-09-30T21:00:00",
    "dateReserved": "2013-08-30T00:00:00",
    "dateUpdated": "2024-08-06T17:15:21.455Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-20485
Vulnerability from cvelistv5
Published
2020-03-19 01:29
Modified
2024-08-05 02:39
Severity ?
Summary
qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a monitor job during a query to a guest agent, which allows attackers to cause a denial of service (API blockage).
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T02:39:10.227Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=a663a860819287e041c3de672aad1d8543098ecc"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1730509.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1809740"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://security-tracker.debian.org/tracker/CVE-2019-20485"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953078"
          },
          {
            "name": "FEDORA-2020-5cd83efda7",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D5GE6ISYUL3CIWO3FQRUGMKTKP2NYED2/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a monitor job during a query to a guest agent, which allows attackers to cause a denial of service (API blockage)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-16T02:06:12",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=a663a860819287e041c3de672aad1d8543098ecc"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1730509.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1809740"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://security-tracker.debian.org/tracker/CVE-2019-20485"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953078"
        },
        {
          "name": "FEDORA-2020-5cd83efda7",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D5GE6ISYUL3CIWO3FQRUGMKTKP2NYED2/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-20485",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a monitor job during a query to a guest agent, which allows attackers to cause a denial of service (API blockage)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://libvirt.org/git/?p=libvirt.git;a=commit;h=a663a860819287e041c3de672aad1d8543098ecc",
              "refsource": "CONFIRM",
              "url": "https://libvirt.org/git/?p=libvirt.git;a=commit;h=a663a860819287e041c3de672aad1d8543098ecc"
            },
            {
              "name": "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1730509.html",
              "refsource": "MISC",
              "url": "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1730509.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1809740",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1809740"
            },
            {
              "name": "https://security-tracker.debian.org/tracker/CVE-2019-20485",
              "refsource": "MISC",
              "url": "https://security-tracker.debian.org/tracker/CVE-2019-20485"
            },
            {
              "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953078",
              "refsource": "MISC",
              "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953078"
            },
            {
              "name": "FEDORA-2020-5cd83efda7",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D5GE6ISYUL3CIWO3FQRUGMKTKP2NYED2/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-20485",
    "datePublished": "2020-03-19T01:29:44",
    "dateReserved": "2020-03-01T00:00:00",
    "dateUpdated": "2024-08-05T02:39:10.227Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-8131
Vulnerability from cvelistv5
Published
2015-01-06 15:00
Modified
2024-08-06 13:10
Severity ?
Summary
The qemu implementation of virConnectGetAllDomainStats in libvirt before 1.2.11 does not properly handle locks when a domain is skipped due to ACL restrictions, which allows remote authenticated users to cause a denial of service (deadlock or segmentation fault and crash) via a request to access a domain that they do not have privileges to access.
References
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:10:50.915Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://security.libvirt.org/2014/0008.html"
          },
          {
            "name": "openSUSE-SU-2015:0008",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00005.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-01-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The qemu implementation of virConnectGetAllDomainStats in libvirt before 1.2.11 does not properly handle locks when a domain is skipped due to ACL restrictions, which allows a remote authenticated users to cause a denial of service (deadlock or segmentation fault and crash) via a request to access the users does not have privileges to access."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-01-06T12:57:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://security.libvirt.org/2014/0008.html"
        },
        {
          "name": "openSUSE-SU-2015:0008",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00005.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2014-8131",
    "datePublished": "2015-01-06T15:00:00",
    "dateReserved": "2014-10-10T00:00:00",
    "dateUpdated": "2024-08-06T13:10:50.915Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-0170
Vulnerability from cvelistv5
Published
2013-02-08 20:00
Modified
2024-08-06 14:18
Severity ?
Summary
Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering certain errors during an RPC connection, which causes a message to be freed without being removed from the message queue.
References
http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098398.html (vendor-advisory, x_refsource_FEDORA)
http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00002.html (vendor-advisory, x_refsource_SUSE)
http://osvdb.org/89644 (vdb-entry, x_refsource_OSVDB)
http://libvirt.org/news.html (x_refsource_CONFIRM)
https://exchange.xforce.ibmcloud.com/vulnerabilities/81552 (vdb-entry, x_refsource_XF)
http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00001.html (vendor-advisory, x_refsource_SUSE)
http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00016.html (vendor-advisory, x_refsource_SUSE)
http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098326.html (vendor-advisory, x_refsource_FEDORA)
http://wiki.libvirt.org/page/Maintenance_Releases (x_refsource_CONFIRM)
http://www.securitytracker.com/id/1028047 (vdb-entry, x_refsource_SECTRACK)
http://www.ubuntu.com/usn/USN-1708-1 (vendor-advisory, x_refsource_UBUNTU)
http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098370.html (vendor-advisory, x_refsource_FEDORA)
http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=46532e3e8ed5f5a736a02f67d6c805492f9ca720 (x_refsource_CONFIRM)
http://secunia.com/advisories/52001 (third-party-advisory, x_refsource_SECUNIA)
http://rhn.redhat.com/errata/RHSA-2013-0199.html (vendor-advisory, x_refsource_REDHAT)
http://www.securityfocus.com/bid/57578 (vdb-entry, x_refsource_BID)
https://bugzilla.redhat.com/show_bug.cgi?id=893450 (x_refsource_CONFIRM)
http://secunia.com/advisories/52003 (third-party-advisory, x_refsource_SECUNIA)
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T14:18:09.230Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "FEDORA-2013-1626",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098398.html"
          },
          {
            "name": "openSUSE-SU-2013:0275",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00002.html"
          },
          {
            "name": "89644",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/89644"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://libvirt.org/news.html"
          },
          {
            "name": "libvirt-virnetmessagefree-code-exec(81552)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81552"
          },
          {
            "name": "openSUSE-SU-2013:0274",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00001.html"
          },
          {
            "name": "SUSE-SU-2013:0320",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00016.html"
          },
          {
            "name": "FEDORA-2013-1644",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098326.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.libvirt.org/page/Maintenance_Releases"
          },
          {
            "name": "1028047",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1028047"
          },
          {
            "name": "USN-1708-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1708-1"
          },
          {
            "name": "FEDORA-2013-1642",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098370.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=46532e3e8ed5f5a736a02f67d6c805492f9ca720"
          },
          {
            "name": "52001",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/52001"
          },
          {
            "name": "RHSA-2013:0199",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-0199.html"
          },
          {
            "name": "57578",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/57578"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=893450"
          },
          {
            "name": "52003",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/52003"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-01-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering certain errors during an RPC connection, which causes a message to be freed without being removed from the message queue."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "FEDORA-2013-1626",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098398.html"
        },
        {
          "name": "openSUSE-SU-2013:0275",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00002.html"
        },
        {
          "name": "89644",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/89644"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://libvirt.org/news.html"
        },
        {
          "name": "libvirt-virnetmessagefree-code-exec(81552)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81552"
        },
        {
          "name": "openSUSE-SU-2013:0274",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00001.html"
        },
        {
          "name": "SUSE-SU-2013:0320",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00016.html"
        },
        {
          "name": "FEDORA-2013-1644",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098326.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.libvirt.org/page/Maintenance_Releases"
        },
        {
          "name": "1028047",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1028047"
        },
        {
          "name": "USN-1708-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1708-1"
        },
        {
          "name": "FEDORA-2013-1642",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098370.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=46532e3e8ed5f5a736a02f67d6c805492f9ca720"
        },
        {
          "name": "52001",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/52001"
        },
        {
          "name": "RHSA-2013:0199",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-0199.html"
        },
        {
          "name": "57578",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/57578"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=893450"
        },
        {
          "name": "52003",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/52003"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-0170",
    "datePublished": "2013-02-08T20:00:00",
    "dateReserved": "2012-12-06T00:00:00",
    "dateUpdated": "2024-08-06T14:18:09.230Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-5008
Vulnerability from cvelistv5
Published
2016-07-13 15:00
Modified
2024-08-06 00:46
Severity ?
Summary
libvirt before 2.0.0 improperly disables password checking when the password on a VNC server is set to an empty string, which allows remote attackers to bypass authentication and establish a VNC session by connecting to the server.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T00:46:40.241Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1180092"
          },
          {
            "name": "FEDORA-2016-65cc608ebe",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZZMOMRXNPALA34XDF5NK363KDLAYSTL/"
          },
          {
            "name": "DSA-3613",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3613"
          },
          {
            "name": "91562",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/91562"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://security.libvirt.org/2016/0001.html"
          },
          {
            "name": "openSUSE-SU-2016:1810",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00055.html"
          },
          {
            "name": "FEDORA-2016-7b7e16a39e",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QTQF6LXKEEMJG4VOOCIAPJAD6ACBYP4W/"
          },
          {
            "name": "openSUSE-SU-2016:1975",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00024.html"
          },
          {
            "name": "openSUSE-SU-2016:1809",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00054.html"
          },
          {
            "name": "RHSA-2016:2577",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2577.html"
          },
          {
            "name": "USN-3576-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3576-1/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-06-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "libvirt before 2.0.0 improperly disables password checking when the password on a VNC server is set to an empty string, which allows remote attackers to bypass authentication and establish a VNC session by connecting to the server."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-03-15T09:57:02",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1180092"
        },
        {
          "name": "FEDORA-2016-65cc608ebe",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZZMOMRXNPALA34XDF5NK363KDLAYSTL/"
        },
        {
          "name": "DSA-3613",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3613"
        },
        {
          "name": "91562",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/91562"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://security.libvirt.org/2016/0001.html"
        },
        {
          "name": "openSUSE-SU-2016:1810",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00055.html"
        },
        {
          "name": "FEDORA-2016-7b7e16a39e",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QTQF6LXKEEMJG4VOOCIAPJAD6ACBYP4W/"
        },
        {
          "name": "openSUSE-SU-2016:1975",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00024.html"
        },
        {
          "name": "openSUSE-SU-2016:1809",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00054.html"
        },
        {
          "name": "RHSA-2016:2577",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2577.html"
        },
        {
          "name": "USN-3576-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3576-1/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-5008",
    "datePublished": "2016-07-13T15:00:00",
    "dateReserved": "2016-05-24T00:00:00",
    "dateUpdated": "2024-08-06T00:46:40.241Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-8235
Vulnerability from cvelistv5
Published
2024-08-30 16:16
Modified
2024-11-15 17:54
Summary
A flaw was found in libvirt. A refactor of the code fetching the list of interfaces for multiple APIs introduced a corner case on platforms where allocating 0 bytes of memory results in a NULL pointer. This corner case would lead to a NULL-pointer dereference and subsequent crash of virtinterfaced. This issue could allow clients connecting to the read-only socket to crash the virtinterfaced daemon.
Impacted products
Vendor Product Version
Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:10.5.0-7.el9_5   < *
    cpe:/a:redhat:enterprise_linux:9::appstream
    cpe:/a:redhat:enterprise_linux:9::crb
Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
Red Hat Red Hat Enterprise Linux 8 Advanced Virtualization     cpe:/a:redhat:advanced_virtualization:8::el8


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-8235",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-30T17:10:46.243548Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-30T17:10:55.505Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-09-20T16:03:15.107Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20240920-0006/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://gitlab.com/libvirt/libvirt",
          "defaultStatus": "unaffected",
          "packageName": "libvirt",
          "versions": [
            {
              "lessThan": "10.7.0",
              "status": "affected",
              "version": "10.4.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream",
            "cpe:/a:redhat:enterprise_linux:9::crb"
          ],
          "defaultStatus": "affected",
          "packageName": "libvirt",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:10.5.0-7.el9_5",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unaffected",
          "packageName": "libvirt",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unaffected",
          "packageName": "libvirt",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "unaffected",
          "packageName": "virt:rhel/libvirt",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:advanced_virtualization:8::el8"
          ],
          "defaultStatus": "unaffected",
          "packageName": "virt:av/libvirt",
          "product": "Red Hat Enterprise Linux 8 Advanced Virtualization",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2024-08-29T00:00:00+00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in libvirt. A refactor of the code fetching the list of interfaces for multiple APIs introduced a corner case on platforms where allocating 0 bytes of memory results in a NULL pointer. This corner case would lead to a NULL-pointer dereference and subsequent crash of virtinterfaced. This issue could allow clients connecting to the read-only socket to crash the virtinterfaced daemon."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "NULL Pointer Dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-15T17:54:34.739Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2024:9128",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:9128"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2024-8235"
        },
        {
          "name": "RHBZ#2308680",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2308680"
        },
        {
          "url": "https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/thread/X6WOVCL6QF3FQRFIIXL736RFZVSUWLWJ/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-08-30T12:58:26.577000+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2024-08-29T00:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Libvirt: crash of virtinterfaced via virconnectlistinterfaces()",
      "x_redhatCweChain": "CWE-476: NULL Pointer Dereference"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2024-8235",
    "datePublished": "2024-08-30T16:16:57.214Z",
    "dateReserved": "2024-08-27T15:58:35.816Z",
    "dateUpdated": "2024-11-15T17:54:34.739Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-4154
Vulnerability from cvelistv5
Published
2013-09-30 21:00
Modified
2024-08-06 16:30
Severity ?
Summary
The qemuAgentCommand function in libvirt before 1.1.1, when a guest agent is not configured, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to "agent based cpu (un)plug," as demonstrated by the "virsh vcpucount foobar --guest" command.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:30:50.059Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commitdiff%3Bh=96518d4316b711c72205117f8d5c967d5127bbb6"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://libvirt.org/news.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=984821"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=986386"
          },
          {
            "name": "[oss-security] 20130719 Re: CVE request -- libvirt: crash of libvirtd without guest agent configuration",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2013/07/19/12"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The qemuAgentCommand function in libvirt before 1.1.1, when a guest agent is not configured, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to \"agent based cpu (un)plug,\" as demonstrated by the \"virsh vcpucount foobar --guest\" command."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-09-30T21:00:00Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commitdiff%3Bh=96518d4316b711c72205117f8d5c967d5127bbb6"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://libvirt.org/news.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=984821"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=986386"
        },
        {
          "name": "[oss-security] 20130719 Re: CVE request -- libvirt: crash of libvirtd without guest agent configuration",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2013/07/19/12"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-4154",
    "datePublished": "2013-09-30T21:00:00Z",
    "dateReserved": "2013-06-12T00:00:00Z",
    "dateUpdated": "2024-08-06T16:30:50.059Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-10701
Vulnerability from cvelistv5
Published
2021-05-27 18:45
Modified
2024-08-04 11:06
Severity ?
Summary
A missing authorization flaw was found in the libvirt API responsible for changing the QEMU agent response timeout. This flaw allows read-only connections to adjust the time that libvirt waits for the QEMU guest agent to respond to agent commands. Depending on the timeout value that is set, this flaw can make guest agent commands fail because the agent cannot respond in time. Unprivileged users with a read-only connection could abuse this flaw to set the response timeout for all guest agent messages to zero, potentially leading to a denial of service. This flaw affects libvirt versions before 6.2.0. (Note: the record's "affected" entry gives the version string "libvirt 6.2.0" with status "affected", which does not match the "before 6.2.0" wording here; version matching that relies on that field alone may misjudge which releases are vulnerable.)
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:06:11.116Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1819163"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210708-0001/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libvirt",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "libvirt 6.2.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A missing authorization flaw was found in the libvirt API responsible for changing the QEMU agent response timeout. This flaw allows read-only connections to adjust the time that libvirt waits for the QEMU guest agent to respond to agent commands. Depending on the timeout value that is set, this flaw can make guest agent commands fail because the agent cannot respond in time. Unprivileged users with a read-only connection could abuse this flaw to set the response timeout for all guest agent messages to zero, potentially leading to a denial of service. This flaw affects libvirt versions before 6.2.0."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-08T04:06:26",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1819163"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20210708-0001/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2020-10701",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "libvirt",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "libvirt 6.2.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A missing authorization flaw was found in the libvirt API responsible for changing the QEMU agent response timeout. This flaw allows read-only connections to adjust the time that libvirt waits for the QEMU guest agent to respond to agent commands. Depending on the timeout value that is set, this flaw can make guest agent commands fail because the agent cannot respond in time. Unprivileged users with a read-only connection could abuse this flaw to set the response timeout for all guest agent messages to zero, potentially leading to a denial of service. This flaw affects libvirt versions before 6.2.0."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-862"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1819163",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1819163"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20210708-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20210708-0001/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2020-10701",
    "datePublished": "2021-05-27T18:45:56",
    "dateReserved": "2020-03-20T00:00:00",
    "dateUpdated": "2024-08-04T11:06:11.116Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-8136
Vulnerability from cvelistv5
Published
2014-12-19 15:00
Modified
2024-08-06 13:10
Severity ?
Summary
The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails, which allows local users to cause a denial of service via unspecified vectors.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:10:51.064Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=2bdcd29c713dfedd813c89f56ae98f6f3898313d"
          },
          {
            "name": "MDVSA-2015:070",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:070"
          },
          {
            "name": "openSUSE-SU-2015:0006",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00003.html"
          },
          {
            "name": "61111",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61111"
          },
          {
            "name": "openSUSE-SU-2015:0008",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00005.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://advisories.mageia.org/MGASA-2015-0002.html"
          },
          {
            "name": "RHSA-2015:0323",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0323.html"
          },
          {
            "name": "MDVSA-2015:023",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:023"
          },
          {
            "name": "USN-2867-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2867-1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-12-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails, which allow local users to cause a denial of service via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-04-14T14:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=2bdcd29c713dfedd813c89f56ae98f6f3898313d"
        },
        {
          "name": "MDVSA-2015:070",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:070"
        },
        {
          "name": "openSUSE-SU-2015:0006",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00003.html"
        },
        {
          "name": "61111",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61111"
        },
        {
          "name": "openSUSE-SU-2015:0008",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00005.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://advisories.mageia.org/MGASA-2015-0002.html"
        },
        {
          "name": "RHSA-2015:0323",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0323.html"
        },
        {
          "name": "MDVSA-2015:023",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:023"
        },
        {
          "name": "USN-2867-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2867-1"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2014-8136",
    "datePublished": "2014-12-19T15:00:00",
    "dateReserved": "2014-10-10T00:00:00",
    "dateUpdated": "2024-08-06T13:10:51.064Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2011-2511
Vulnerability from cvelistv5
Published
2011-08-10 20:00
Modified
2024-08-06 23:00
Severity ?
Summary
Integer overflow in libvirt before 0.9.3 allows remote authenticated users to cause a denial of service (libvirtd crash) and possibly execute arbitrary code via a crafted VirDomainGetVcpus RPC call that triggers memory corruption.
References
http://libvirt.org/news.html - x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/68271 - vdb-entry, x_refsource_XF
http://secunia.com/advisories/45441 - third-party-advisory, x_refsource_SECUNIA
http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062515.html - vendor-advisory, x_refsource_FEDORA
http://secunia.com/advisories/45446 - third-party-advisory, x_refsource_SECUNIA
http://www.openwall.com/lists/oss-security/2011/06/28/9 - mailing-list, x_refsource_MLIST
http://www.redhat.com/support/errata/RHSA-2011-1197.html - vendor-advisory, x_refsource_REDHAT
http://www.redhat.com/support/errata/RHSA-2011-1019.html - vendor-advisory, x_refsource_REDHAT
http://www.ubuntu.com/usn/USN-1180-1 - vendor-advisory, x_refsource_UBUNTU
http://secunia.com/advisories/45375 - third-party-advisory, x_refsource_SECUNIA
https://www.redhat.com/archives/libvir-list/2011-June/msg01278.html - mailing-list, x_refsource_MLIST
http://www.securitytracker.com/id?1025822 - vdb-entry, x_refsource_SECTRACK
http://www.debian.org/security/2011/dsa-2280 - vendor-advisory, x_refsource_DEBIAN
https://hermes.opensuse.org/messages/10027908 - vendor-advisory, x_refsource_SUSE
http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062855.html - vendor-advisory, x_refsource_FEDORA
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T23:00:34.286Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://libvirt.org/news.html"
          },
          {
            "name": "libvirt-virdomaingetvcpus-bo(68271)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68271"
          },
          {
            "name": "45441",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/45441"
          },
          {
            "name": "FEDORA-2011-9091",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062515.html"
          },
          {
            "name": "45446",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/45446"
          },
          {
            "name": "[oss-security] 20110628 CVE request: libvirt: integer overflow in VirDomainGetVcpus",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2011/06/28/9"
          },
          {
            "name": "RHSA-2011:1197",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2011-1197.html"
          },
          {
            "name": "RHSA-2011:1019",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2011-1019.html"
          },
          {
            "name": "USN-1180-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1180-1"
          },
          {
            "name": "45375",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/45375"
          },
          {
            "name": "[libvirt] 20110624 [PATCH 2/2] remote: protect against integer overflow",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/libvir-list/2011-June/msg01278.html"
          },
          {
            "name": "1025822",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1025822"
          },
          {
            "name": "DSA-2280",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2011/dsa-2280"
          },
          {
            "name": "SUSE-SU-2011:0837",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "https://hermes.opensuse.org/messages/10027908"
          },
          {
            "name": "FEDORA-2011-9062",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062855.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-06-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer overflow in libvirt before 0.9.3 allows remote authenticated users to cause a denial of service (libvirtd crash) and possibly execute arbitrary code via a crafted VirDomainGetVcpus RPC call that triggers memory corruption."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://libvirt.org/news.html"
        },
        {
          "name": "libvirt-virdomaingetvcpus-bo(68271)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68271"
        },
        {
          "name": "45441",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/45441"
        },
        {
          "name": "FEDORA-2011-9091",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062515.html"
        },
        {
          "name": "45446",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/45446"
        },
        {
          "name": "[oss-security] 20110628 CVE request: libvirt: integer overflow in VirDomainGetVcpus",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2011/06/28/9"
        },
        {
          "name": "RHSA-2011:1197",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2011-1197.html"
        },
        {
          "name": "RHSA-2011:1019",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2011-1019.html"
        },
        {
          "name": "USN-1180-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1180-1"
        },
        {
          "name": "45375",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/45375"
        },
        {
          "name": "[libvirt] 20110624 [PATCH 2/2] remote: protect against integer overflow",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://www.redhat.com/archives/libvir-list/2011-June/msg01278.html"
        },
        {
          "name": "1025822",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1025822"
        },
        {
          "name": "DSA-2280",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2011/dsa-2280"
        },
        {
          "name": "SUSE-SU-2011:0837",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "https://hermes.opensuse.org/messages/10027908"
        },
        {
          "name": "FEDORA-2011-9062",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062855.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-2511",
    "datePublished": "2011-08-10T20:00:00",
    "dateReserved": "2011-06-15T00:00:00",
    "dateUpdated": "2024-08-06T23:00:34.286Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-1000256
Vulnerability from cvelistv5
Published
2017-10-31 15:00
Modified
2024-08-05 22:00
Severity ?
Summary
libvirt version 2.3.0 and later is vulnerable to a bad default configuration of "verify-peer=no" passed to QEMU by libvirt resulting in a failure to validate SSL/TLS certificates by default.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T22:00:39.668Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[libvirt-announce] 20171016 LSN-2017-0002 - TLS certificate verification disabled for clients",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/libvirt-announce/2017-October/msg00001.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1556251.html"
          },
          {
            "name": "DSA-4003",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-4003"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2017-1000256"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "dateAssigned": "2017-10-12T00:00:00",
      "datePublic": "2017-10-31T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "libvirt version 2.3.0 and later is vulnerable to a bad default configuration of \"verify-peer=no\" passed to QEMU by libvirt resulting in a failure to validate SSL/TLS certificates by default."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-06T10:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[libvirt-announce] 20171016 LSN-2017-0002 - TLS certificate verification disabled for clients",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://www.redhat.com/archives/libvirt-announce/2017-October/msg00001.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1556251.html"
        },
        {
          "name": "DSA-4003",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-4003"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2017-1000256"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "DATE_ASSIGNED": "2017-10-12",
          "ID": "CVE-2017-1000256",
          "REQUESTER": "berrange@redhat.com",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "libvirt version 2.3.0 and later is vulnerable to a bad default configuration of \"verify-peer=no\" passed to QEMU by libvirt resulting in a failure to validate SSL/TLS certificates by default."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[libvirt-announce] 20171016 LSN-2017-0002 - TLS certificate verification disabled for clients",
              "refsource": "MLIST",
              "url": "https://www.redhat.com/archives/libvirt-announce/2017-October/msg00001.html"
            },
            {
              "name": "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1556251.html",
              "refsource": "MISC",
              "url": "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1556251.html"
            },
            {
              "name": "DSA-4003",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-4003"
            },
            {
              "name": "https://access.redhat.com/security/cve/CVE-2017-1000256",
              "refsource": "CONFIRM",
              "url": "https://access.redhat.com/security/cve/CVE-2017-1000256"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-1000256",
    "datePublished": "2017-10-31T15:00:00",
    "dateReserved": "2017-10-18T00:00:00",
    "dateUpdated": "2024-08-05T22:00:39.668Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-10168
Vulnerability from cvelistv5
Published
2019-08-02 12:08
Modified
2024-08-04 22:10
Summary
The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an "emulator" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T22:10:10.037Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/libvirt-privesc-vulnerabilities"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10168"
          },
          {
            "name": "GLSA-202003-18",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202003-18"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libvirt",
          "vendor": "libvirt",
          "versions": [
            {
              "status": "affected",
              "version": "4.x.x before 4.10.1"
            },
            {
              "status": "affected",
              "version": "5.x.x before 5.4.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an \"emulator\" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain\u0027s capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "CWE-284",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-250",
              "description": "CWE-250",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-15T04:06:03",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://access.redhat.com/libvirt-privesc-vulnerabilities"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10168"
        },
        {
          "name": "GLSA-202003-18",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202003-18"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2019-10168",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "libvirt",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "4.x.x before 4.10.1"
                          },
                          {
                            "version_value": "5.x.x before 5.4.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "libvirt"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an \"emulator\" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain\u0027s capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges."
            }
          ]
        },
        "impact": {
          "cvss": [
            [
              {
                "vectorString": "8.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            ]
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-284"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-250"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://access.redhat.com/libvirt-privesc-vulnerabilities",
              "refsource": "CONFIRM",
              "url": "https://access.redhat.com/libvirt-privesc-vulnerabilities"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10168",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10168"
            },
            {
              "name": "GLSA-202003-18",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202003-18"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2019-10168",
    "datePublished": "2019-08-02T12:08:14",
    "dateReserved": "2019-03-27T00:00:00",
    "dateUpdated": "2024-08-04T22:10:10.037Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-3975
Vulnerability from cvelistv5
Published
2022-08-23 00:00
Modified
2024-08-03 17:09
Severity ?
Summary
A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a monitor lock. This flaw could be triggered by the virConnectGetAllDomainStats API when the guest is shutting down. An unprivileged client with a read-only connection could use this flaw to perform a denial of service attack by causing the libvirt daemon to crash.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:09:09.828Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2024326"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2021-3975"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://ubuntu.com/security/CVE-2021-3975"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/libvirt/libvirt/commit/1ac703a7d0789e46833f4013a3876c2e3af18ec7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20221201-0002/"
          },
          {
            "name": "[debian-lts-announce] 20240401 [SECURITY] [DLA 3778-1] libvirt security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libvirt",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in libvirt v7.1.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a monitor lock. This flaw could be triggered by the virConnectGetAllDomainStats API when the guest is shutting down. An unprivileged client with a read-only connection could use this flaw to perform a denial of service attack by causing the libvirt daemon to crash."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416 - Use After Free",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-01T13:05:53.920907",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2024326"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2021-3975"
        },
        {
          "url": "https://ubuntu.com/security/CVE-2021-3975"
        },
        {
          "url": "https://github.com/libvirt/libvirt/commit/1ac703a7d0789e46833f4013a3876c2e3af18ec7"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20221201-0002/"
        },
        {
          "name": "[debian-lts-announce] 20240401 [SECURITY] [DLA 3778-1] libvirt security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2021-3975",
    "datePublished": "2022-08-23T00:00:00",
    "dateReserved": "2021-11-18T00:00:00",
    "dateUpdated": "2024-08-03T17:09:09.828Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-4292
Vulnerability from cvelistv5
Published
2013-09-30 21:00
Modified
2024-08-06 16:38
Severity ?
Summary
libvirt 1.1.0 and 1.1.1 allows local users to cause a denial of service (memory consumption) via a large number of domain migrate parameters in certain RPC calls in (1) daemon/remote.c and (2) remote/remote_driver.c.
References
http://libvirt.org/news.html — x_refsource_CONFIRM
http://secunia.com/advisories/60895 — third-party-advisory, x_refsource_SECUNIA
http://security.gentoo.org/glsa/glsa-201412-04.xml — vendor-advisory, x_refsource_GENTOO
http://www.mail-archive.com/libvir-list%40redhat.com/msg83332.html — mailing-list, x_refsource_MLIST
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:38:01.823Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://libvirt.org/news.html"
          },
          {
            "name": "60895",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60895"
          },
          {
            "name": "GLSA-201412-04",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"
          },
          {
            "name": "[libvirt] 20130829 [PATCH 01/12] Add bounds checking on virDomainMigrate*Params RPC calls (CVE-2013-4292)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.mail-archive.com/libvir-list%40redhat.com/msg83332.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-08-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "libvirt 1.1.0 and 1.1.1 allows local users to cause a denial of service (memory consumption) via a large number of domain migrate parameters in certain RPC calls in (1) daemon/remote.c and (2) remote/remote_driver.c."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-12-12T13:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://libvirt.org/news.html"
        },
        {
          "name": "60895",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60895"
        },
        {
          "name": "GLSA-201412-04",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"
        },
        {
          "name": "[libvirt] 20130829 [PATCH 01/12] Add bounds checking on virDomainMigrate*Params RPC calls (CVE-2013-4292)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.mail-archive.com/libvir-list%40redhat.com/msg83332.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-4292",
    "datePublished": "2013-09-30T21:00:00",
    "dateReserved": "2013-06-12T00:00:00",
    "dateUpdated": "2024-08-06T16:38:01.823Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-0236
Vulnerability from cvelistv5
Published
2015-01-29 15:00
Modified
2024-08-06 04:03
Severity ?
Summary
libvirt before 1.2.12 allows remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the virDomainSnapshotGetXMLDesc interface or (2) image to the virDomainSaveImageGetXMLDesc interface.
References
http://security.libvirt.org/2015/0001.html — x_refsource_CONFIRM
http://www.mandriva.com/security/advisories?name=MDVSA-2015:070 — vendor-advisory, x_refsource_MANDRIVA
http://advisories.mageia.org/MGASA-2015-0046.html — x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-updates/2015-02/msg00028.html — vendor-advisory, x_refsource_SUSE
http://secunia.com/advisories/62766 — third-party-advisory, x_refsource_SECUNIA
http://rhn.redhat.com/errata/RHSA-2015-0323.html — vendor-advisory, x_refsource_REDHAT
http://www.mandriva.com/security/advisories?name=MDVSA-2015:035 — vendor-advisory, x_refsource_MANDRIVA
http://www.ubuntu.com/usn/USN-2867-1 — vendor-advisory, x_refsource_UBUNTU
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:03:10.643Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://security.libvirt.org/2015/0001.html"
          },
          {
            "name": "MDVSA-2015:070",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:070"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://advisories.mageia.org/MGASA-2015-0046.html"
          },
          {
            "name": "openSUSE-SU-2015:0225",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00028.html"
          },
          {
            "name": "62766",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/62766"
          },
          {
            "name": "RHSA-2015:0323",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0323.html"
          },
          {
            "name": "MDVSA-2015:035",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:035"
          },
          {
            "name": "USN-2867-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2867-1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-01-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "libvirt before 1.2.12 allow remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the virDomainSnapshotGetXMLDesc interface or (2) image to the virDomainSaveImageGetXMLDesc interface."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-04-14T14:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://security.libvirt.org/2015/0001.html"
        },
        {
          "name": "MDVSA-2015:070",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:070"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://advisories.mageia.org/MGASA-2015-0046.html"
        },
        {
          "name": "openSUSE-SU-2015:0225",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00028.html"
        },
        {
          "name": "62766",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/62766"
        },
        {
          "name": "RHSA-2015:0323",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0323.html"
        },
        {
          "name": "MDVSA-2015:035",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:035"
        },
        {
          "name": "USN-2867-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2867-1"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-0236",
    "datePublished": "2015-01-29T15:00:00",
    "dateReserved": "2014-11-18T00:00:00",
    "dateUpdated": "2024-08-06T04:03:10.643Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-4147
Vulnerability from cvelistv5
Published
2022-03-25 00:00
Modified
2024-08-03 17:16
Severity ?
Summary
A flaw was found in the libvirt libxl driver. A malicious guest could continuously reboot itself and cause libvirtd on the host to deadlock or crash, resulting in a denial of service condition.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:16:04.272Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034195"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220513-0004/"
          },
          {
            "name": "[debian-lts-announce] 20240401 [SECURITY] [DLA 3778-1] libvirt security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libvirt",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "libvirt 2.33.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in the libvirt libxl driver. A malicious guest could continuously reboot itself and cause libvirtd on the host to deadlock or crash, resulting in a denial of service condition."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-667",
              "description": "CWE-667",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-01T13:06:11.861987",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034195"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20220513-0004/"
        },
        {
          "name": "[debian-lts-announce] 20240401 [SECURITY] [DLA 3778-1] libvirt security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2021-4147",
    "datePublished": "2022-03-25T00:00:00",
    "dateReserved": "2021-12-21T00:00:00",
    "dateUpdated": "2024-08-03T17:16:04.272Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-6436
Vulnerability from cvelistv5
Published
2014-01-07 19:00
Modified
2024-08-06 17:39
Severity ?
Summary
The lxcDomainGetMemoryParameters method in lxc/lxc_driver.c in libvirt 1.0.5 through 1.2.0 does not properly check the status of LXC guests when reading memory tunables, which allows local users to cause a denial of service (NULL pointer dereference and libvirtd crash) via a guest in the shutdown status, as demonstrated by the "virsh memtune" command.
References
http://www.ubuntu.com/usn/USN-2093-1 — vendor-advisory, x_refsource_UBUNTU
http://osvdb.org/101485 — vdb-entry, x_refsource_OSVDB
http://secunia.com/advisories/60895 — third-party-advisory, x_refsource_SECUNIA
http://security.gentoo.org/glsa/glsa-201412-04.xml — vendor-advisory, x_refsource_GENTOO
http://secunia.com/advisories/56245 — third-party-advisory, x_refsource_SECUNIA
http://lists.opensuse.org/opensuse-updates/2014-01/msg00004.html — vendor-advisory, x_refsource_SUSE
http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=f8c1cb90213508c4f32549023b0572ed774e48aa — x_refsource_CONFIRM
https://www.redhat.com/archives/libvir-list/2013-December/msg01170.html — mailing-list, x_refsource_MLIST
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T17:39:01.303Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-2093-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2093-1"
          },
          {
            "name": "101485",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/101485"
          },
          {
            "name": "60895",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60895"
          },
          {
            "name": "GLSA-201412-04",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"
          },
          {
            "name": "56245",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/56245"
          },
          {
            "name": "openSUSE-SU-2014:0010",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00004.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=f8c1cb90213508c4f32549023b0572ed774e48aa"
          },
          {
            "name": "[libvirt] 20131220 SECURITY: CVE-2013-6436: libvirtd daemon crash when reading memory tunables for LXC guest in shutoff status",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/libvir-list/2013-December/msg01170.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-12-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The lxcDomainGetMemoryParameters method in lxc/lxc_driver.c in libvirt 1.0.5 through 1.2.0 does not properly check the status of LXC guests when reading memory tunables, which allows local users to cause a denial of service (NULL pointer dereference and libvirtd crash) via a guest in the shutdown status, as demonstrated by the \"virsh memtune\" command."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-12-12T13:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "USN-2093-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2093-1"
        },
        {
          "name": "101485",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/101485"
        },
        {
          "name": "60895",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60895"
        },
        {
          "name": "GLSA-201412-04",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"
        },
        {
          "name": "56245",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/56245"
        },
        {
          "name": "openSUSE-SU-2014:0010",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00004.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=f8c1cb90213508c4f32549023b0572ed774e48aa"
        },
        {
          "name": "[libvirt] 20131220 SECURITY: CVE-2013-6436: libvirtd daemon crash when reading memory tunables for LXC guest in shutoff status",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://www.redhat.com/archives/libvir-list/2013-December/msg01170.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-6436",
    "datePublished": "2014-01-07T19:00:00",
    "dateReserved": "2013-11-04T00:00:00",
    "dateUpdated": "2024-08-06T17:39:01.303Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-7336
Vulnerability from cvelistv5
Published
2014-05-07 10:00
Modified
2024-08-06 18:01
Severity ?
Summary
The qemuMigrationWaitForSpice function in qemu/qemu_migration.c in libvirt before 1.1.3 does not properly enter a monitor when performing seamless SPICE migration, which allows local users to cause a denial of service (NULL pointer dereference and libvirtd crash) by causing domblkstat to be called at the same time as the qemuMonitorGetSpiceMigrationStatus function.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T18:01:20.559Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://libvirt.org/news.html"
          },
          {
            "name": "60895",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60895"
          },
          {
            "name": "GLSA-201412-04",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=484cc321"
          },
          {
            "name": "openSUSE-SU-2014:0593",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00004.html"
          },
          {
            "name": "[oss-security] 20140318 CVE request -- libvirt: unprivileged user can crash libvirtd during spice migration",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2014/03/18/1"
          },
          {
            "name": "[oss-security] 20140318 Re: CVE request -- libvirt: unprivileged user can crash libvirtd during spice migration",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2014/03/18/3"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1077620"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-09-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The qemuMigrationWaitForSpice function in qemu/qemu_migration.c in libvirt before 1.1.3 does not properly enter a monitor when performing seamless SPICE migration, which allows local users to cause a denial of service (NULL pointer dereference and libvirtd crash) by causing domblkstat to be called at the same time as the qemuMonitorGetSpiceMigrationStatus function."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-12-12T13:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://libvirt.org/news.html"
        },
        {
          "name": "60895",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60895"
        },
        {
          "name": "GLSA-201412-04",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=484cc321"
        },
        {
          "name": "openSUSE-SU-2014:0593",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00004.html"
        },
        {
          "name": "[oss-security] 20140318 CVE request -- libvirt: unprivileged user can crash libvirtd during spice migration",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2014/03/18/1"
        },
        {
          "name": "[oss-security] 20140318 Re: CVE request -- libvirt: unprivileged user can crash libvirtd during spice migration",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2014/03/18/3"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1077620"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-7336",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The qemuMigrationWaitForSpice function in qemu/qemu_migration.c in libvirt before 1.1.3 does not properly enter a monitor when performing seamless SPICE migration, which allows local users to cause a denial of service (NULL pointer dereference and libvirtd crash) by causing domblkstat to be called at the same time as the qemuMonitorGetSpiceMigrationStatus function."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://libvirt.org/news.html",
              "refsource": "CONFIRM",
              "url": "http://libvirt.org/news.html"
            },
            {
              "name": "60895",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60895"
            },
            {
              "name": "GLSA-201412-04",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"
            },
            {
              "name": "http://libvirt.org/git/?p=libvirt.git;a=commit;h=484cc321",
              "refsource": "CONFIRM",
              "url": "http://libvirt.org/git/?p=libvirt.git;a=commit;h=484cc321"
            },
            {
              "name": "openSUSE-SU-2014:0593",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00004.html"
            },
            {
              "name": "[oss-security] 20140318 CVE request -- libvirt: unprivileged user can crash libvirtd during spice migration",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2014/03/18/1"
            },
            {
              "name": "[oss-security] 20140318 Re: CVE request -- libvirt: unprivileged user can crash libvirtd during spice migration",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2014/03/18/3"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1077620",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1077620"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2013-7336",
    "datePublished": "2014-05-07T10:00:00",
    "dateReserved": "2014-03-18T00:00:00",
    "dateUpdated": "2024-08-06T18:01:20.559Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-3840
Vulnerability from cvelistv5
Published
2019-03-27 12:24
Modified
2024-08-04 19:19
Summary
A NULL pointer dereference flaw was discovered in libvirt before version 5.0.0 in the way it gets interface information through the QEMU agent. An attacker in a guest VM can use this flaw to crash libvirtd and cause a denial of service.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:19:18.580Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3840"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1663051"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/libvir-list/2019-January/msg00241.html"
          },
          {
            "name": "openSUSE-SU-2019:1288",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00101.html"
          },
          {
            "name": "openSUSE-SU-2019:1294",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00105.html"
          },
          {
            "name": "FEDORA-2019-b3bfc61567",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TZRP2BRMI4RYFRPNFTTIAAUOGVN2ORP7/"
          },
          {
            "name": "RHSA-2019:2294",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2294"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libvirt",
          "vendor": "The libvirt Project",
          "versions": [
            {
              "status": "affected",
              "version": "5.0.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A NULL pointer dereference flaw was discovered in libvirt before version 5.0.0 in the way it gets interface information through the QEMU agent. An attacker in a guest VM can use this flaw to crash libvirtd and cause a denial of service."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "CWE-476",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-08-06T16:06:25",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3840"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1663051"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.redhat.com/archives/libvir-list/2019-January/msg00241.html"
        },
        {
          "name": "openSUSE-SU-2019:1288",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00101.html"
        },
        {
          "name": "openSUSE-SU-2019:1294",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00105.html"
        },
        {
          "name": "FEDORA-2019-b3bfc61567",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TZRP2BRMI4RYFRPNFTTIAAUOGVN2ORP7/"
        },
        {
          "name": "RHSA-2019:2294",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2294"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2019-3840",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "libvirt",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "The libvirt Project"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A NULL pointer dereference flaw was discovered in libvirt before version 5.0.0 in the way it gets interface information through the QEMU agent. An attacker in a guest VM can use this flaw to crash libvirtd and cause a denial of service."
            }
          ]
        },
        "impact": {
          "cvss": [
            [
              {
                "vectorString": "5.8/CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:H",
                "version": "3.0"
              }
            ]
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-476"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3840",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3840"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1663051",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1663051"
            },
            {
              "name": "https://www.redhat.com/archives/libvir-list/2019-January/msg00241.html",
              "refsource": "CONFIRM",
              "url": "https://www.redhat.com/archives/libvir-list/2019-January/msg00241.html"
            },
            {
              "name": "openSUSE-SU-2019:1288",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00101.html"
            },
            {
              "name": "openSUSE-SU-2019:1294",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00105.html"
            },
            {
              "name": "FEDORA-2019-b3bfc61567",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TZRP2BRMI4RYFRPNFTTIAAUOGVN2ORP7/"
            },
            {
              "name": "RHSA-2019:2294",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2294"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2019-3840",
    "datePublished": "2019-03-27T12:24:10",
    "dateReserved": "2019-01-03T00:00:00",
    "dateUpdated": "2024-08-04T19:19:18.580Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-10746
Vulnerability from cvelistv5
Published
2019-04-18 15:56
Modified
2024-08-06 03:30
Severity ?
Summary
libvirt-domain.c in libvirt before 1.3.1 supports virDomainGetTime API calls by guest agents with an RO connection, even though an RW connection was supposed to be required, a different vulnerability than CVE-2019-3886.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T03:30:20.161Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/libvirt/libvirt/commit/506e9d6c2d4baaf580d489fff0690c0ff2ff588f"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/libvirt/libvirt/compare/11288f5...8fd6867"
          },
          {
            "name": "[debian-lts-announce] 20190430 [SECURITY] [DLA 1772-1] libvirt security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00032.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "libvirt-domain.c in libvirt before 1.3.1 supports virDomainGetTime API calls by guest agents with an RO connection, even though an RW connection was supposed to be required, a different vulnerability than CVE-2019-3886."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-04-30T10:06:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/libvirt/libvirt/commit/506e9d6c2d4baaf580d489fff0690c0ff2ff588f"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/libvirt/libvirt/compare/11288f5...8fd6867"
        },
        {
          "name": "[debian-lts-announce] 20190430 [SECURITY] [DLA 1772-1] libvirt security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00032.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-10746",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "libvirt-domain.c in libvirt before 1.3.1 supports virDomainGetTime API calls by guest agents with an RO connection, even though an RW connection was supposed to be required, a different vulnerability than CVE-2019-3886."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/libvirt/libvirt/commit/506e9d6c2d4baaf580d489fff0690c0ff2ff588f",
              "refsource": "MISC",
              "url": "https://github.com/libvirt/libvirt/commit/506e9d6c2d4baaf580d489fff0690c0ff2ff588f"
            },
            {
              "name": "https://github.com/libvirt/libvirt/compare/11288f5...8fd6867",
              "refsource": "MISC",
              "url": "https://github.com/libvirt/libvirt/compare/11288f5...8fd6867"
            },
            {
              "name": "[debian-lts-announce] 20190430 [SECURITY] [DLA 1772-1] libvirt security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00032.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-10746",
    "datePublished": "2019-04-18T15:56:00",
    "dateReserved": "2019-04-18T00:00:00",
    "dateUpdated": "2024-08-06T03:30:20.161Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-6764
Vulnerability from cvelistv5
Published
2018-02-23 17:00
Modified
2024-08-05 06:10
Severity ?
Summary
util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute arbitrary commands via a crafted NSS module.
References
https://www.debian.org/security/2018/dsa-4137 - vendor-advisory, x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2018:3113 - vendor-advisory, x_refsource_REDHAT
https://www.redhat.com/archives/libvir-list/2018-February/msg00239.html - mailing-list, x_refsource_MLIST
http://www.ubuntu.com/usn/USN-3576-1 - vendor-advisory, x_refsource_UBUNTU
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:10:11.370Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-4137",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4137"
          },
          {
            "name": "RHSA-2018:3113",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3113"
          },
          {
            "name": "[libvirt] 20180205 [PATCH] virlog: determine the hostname on startup CVE-2018-XXX",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/libvir-list/2018-February/msg00239.html"
          },
          {
            "name": "USN-3576-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3576-1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-02-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute arbitrary commands via a crafted NSS module."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-31T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "DSA-4137",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4137"
        },
        {
          "name": "RHSA-2018:3113",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3113"
        },
        {
          "name": "[libvirt] 20180205 [PATCH] virlog: determine the hostname on startup CVE-2018-XXX",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://www.redhat.com/archives/libvir-list/2018-February/msg00239.html"
        },
        {
          "name": "USN-3576-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3576-1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-6764",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute arbitrary commands via a crafted NSS module."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-4137",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4137"
            },
            {
              "name": "RHSA-2018:3113",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3113"
            },
            {
              "name": "[libvirt] 20180205 [PATCH] virlog: determine the hostname on startup CVE-2018-XXX",
              "refsource": "MLIST",
              "url": "https://www.redhat.com/archives/libvir-list/2018-February/msg00239.html"
            },
            {
              "name": "USN-3576-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-3576-1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-6764",
    "datePublished": "2018-02-23T17:00:00",
    "dateReserved": "2018-02-06T00:00:00",
    "dateUpdated": "2024-08-05T06:10:11.370Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-4400
Vulnerability from cvelistv5
Published
2013-12-09 11:00
Modified
2024-08-06 16:45
Severity ?
Summary
virt-login-shell in libvirt 1.1.2 through 1.1.3 allows local users to overwrite arbitrary files and possibly gain privileges via unspecified environment variables or command-line arguments.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:45:12.817Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "60895",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60895"
          },
          {
            "name": "GLSA-201412-04",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=3e2f27e13b94f7302ad948bcacb5e02c859a25fc"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=b7fcc799ad5d8f3e55b89b94e599903e3c092467"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.libvirt.org/page/Maintenance_Releases"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=8c3586ea755c40d5e01b22cb7b5c1e668cdec994"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1015228"
          },
          {
            "name": "FEDORA-2013-20869",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-November/121370.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-10-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "virt-login-shell in libvirt 1.1.2 through 1.1.3 allows local users to overwrite arbitrary files and possibly gain privileges via unspecified environment variables or command-line arguments."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-12-12T13:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "60895",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60895"
        },
        {
          "name": "GLSA-201412-04",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=3e2f27e13b94f7302ad948bcacb5e02c859a25fc"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=b7fcc799ad5d8f3e55b89b94e599903e3c092467"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.libvirt.org/page/Maintenance_Releases"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=8c3586ea755c40d5e01b22cb7b5c1e668cdec994"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1015228"
        },
        {
          "name": "FEDORA-2013-20869",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-November/121370.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-4400",
    "datePublished": "2013-12-09T11:00:00",
    "dateReserved": "2013-06-12T00:00:00",
    "dateUpdated": "2024-08-06T16:45:12.817Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2011-1146
Vulnerability from cvelistv5
Published
2011-03-15 17:00
Modified
2024-08-06 22:14
Severity ?
Summary
libvirt.c in the API in Red Hat libvirt 0.8.8 does not properly restrict operations in a read-only connection, which allows remote attackers to cause a denial of service (host OS crash) or possibly execute arbitrary code via a (1) virNodeDeviceDettach, (2) virNodeDeviceReset, (3) virDomainRevertToSnapshot, (4) virDomainSnapshotDelete, (5) virNodeDeviceReAttach, or (6) virConnectDomainXMLToNative call, a different vulnerability than CVE-2008-5086.
References
http://secunia.com/advisories/43897 - third-party-advisory, x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2011-0391.html - vendor-advisory, x_refsource_REDHAT
https://bugzilla.novell.com/show_bug.cgi?id=678406 - x_refsource_CONFIRM
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056209.html - vendor-advisory, x_refsource_FEDORA
http://www.ubuntu.com/usn/USN-1094-1 - vendor-advisory, x_refsource_UBUNTU
http://secunia.com/advisories/43670 - third-party-advisory, x_refsource_SECUNIA
http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=71753cb7f7a16ff800381c0b5ee4e99eea92fed3 - x_refsource_CONFIRM
http://secunia.com/advisories/44069 - third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/46820 - vdb-entry, x_refsource_BID
http://openwall.com/lists/oss-security/2011/03/09/3 - mailing-list, x_refsource_MLIST
http://lists.opensuse.org/opensuse-updates/2011-04/msg00022.html - vendor-advisory, x_refsource_SUSE
http://www.vupen.com/english/advisories/2011/0794 - vdb-entry, x_refsource_VUPEN
http://www.debian.org/security/2011/dsa-2194 - vendor-advisory, x_refsource_DEBIAN
https://bugzilla.redhat.com/show_bug.cgi?id=683650 - x_refsource_CONFIRM
http://www.securitytracker.com/id?1025262 - vdb-entry, x_refsource_SECTRACK
http://secunia.com/advisories/43917 - third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2011/0700 - vdb-entry, x_refsource_VUPEN
http://www.vupen.com/english/advisories/2011/0694 - vdb-entry, x_refsource_VUPEN
http://openwall.com/lists/oss-security/2011/03/10/5 - mailing-list, x_refsource_MLIST
http://secunia.com/advisories/43780 - third-party-advisory, x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/66012 - vdb-entry, x_refsource_XF
http://www.vupen.com/english/advisories/2011/0805 - vdb-entry, x_refsource_VUPEN
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=617773 - x_refsource_CONFIRM
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:14:27.939Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "43897",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43897"
          },
          {
            "name": "RHSA-2011:0391",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2011-0391.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.novell.com/show_bug.cgi?id=678406"
          },
          {
            "name": "FEDORA-2011-3286",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056209.html"
          },
          {
            "name": "USN-1094-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1094-1"
          },
          {
            "name": "43670",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43670"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=71753cb7f7a16ff800381c0b5ee4e99eea92fed3"
          },
          {
            "name": "44069",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44069"
          },
          {
            "name": "46820",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/46820"
          },
          {
            "name": "[oss-security] 20110309 CVE request: libvirt: several API calls do not honour read-only connection",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/03/09/3"
          },
          {
            "name": "openSUSE-SU-2011:0311",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2011-04/msg00022.html"
          },
          {
            "name": "ADV-2011-0794",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0794"
          },
          {
            "name": "DSA-2194",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2011/dsa-2194"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=683650"
          },
          {
            "name": "1025262",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1025262"
          },
          {
            "name": "43917",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43917"
          },
          {
            "name": "ADV-2011-0700",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0700"
          },
          {
            "name": "ADV-2011-0694",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0694"
          },
          {
            "name": "[oss-security] 20110310 Re: CVE request: libvirt: several API calls do not honour read-only connection",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/03/10/5"
          },
          {
            "name": "43780",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43780"
          },
          {
            "name": "libvirt-apicalls-dos(66012)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66012"
          },
          {
            "name": "ADV-2011-0805",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0805"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=617773"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-03-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "libvirt.c in the API in Red Hat libvirt 0.8.8 does not properly restrict operations in a read-only connection, which allows remote attackers to cause a denial of service (host OS crash) or possibly execute arbitrary code via a (1) virNodeDeviceDettach, (2) virNodeDeviceReset, (3) virDomainRevertToSnapshot, (4) virDomainSnapshotDelete, (5) virNodeDeviceReAttach, or (6) virConnectDomainXMLToNative call, a different vulnerability than CVE-2008-5086."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "43897",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43897"
        },
        {
          "name": "RHSA-2011:0391",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2011-0391.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.novell.com/show_bug.cgi?id=678406"
        },
        {
          "name": "FEDORA-2011-3286",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056209.html"
        },
        {
          "name": "USN-1094-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1094-1"
        },
        {
          "name": "43670",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43670"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=71753cb7f7a16ff800381c0b5ee4e99eea92fed3"
        },
        {
          "name": "44069",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44069"
        },
        {
          "name": "46820",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/46820"
        },
        {
          "name": "[oss-security] 20110309 CVE request: libvirt: several API calls do not honour read-only connection",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/03/09/3"
        },
        {
          "name": "openSUSE-SU-2011:0311",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2011-04/msg00022.html"
        },
        {
          "name": "ADV-2011-0794",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0794"
        },
        {
          "name": "DSA-2194",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2011/dsa-2194"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=683650"
        },
        {
          "name": "1025262",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1025262"
        },
        {
          "name": "43917",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43917"
        },
        {
          "name": "ADV-2011-0700",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0700"
        },
        {
          "name": "ADV-2011-0694",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0694"
        },
        {
          "name": "[oss-security] 20110310 Re: CVE request: libvirt: several API calls do not honour read-only connection",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/03/10/5"
        },
        {
          "name": "43780",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43780"
        },
        {
          "name": "libvirt-apicalls-dos(66012)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66012"
        },
        {
          "name": "ADV-2011-0805",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0805"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=617773"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-1146",
    "datePublished": "2011-03-15T17:00:00",
    "dateReserved": "2011-03-03T00:00:00",
    "dateUpdated": "2024-08-06T22:14:27.939Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-14301
Vulnerability from cvelistv5
Published
2021-05-27 19:44
Modified
2024-08-04 12:39
Severity ?
Summary
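An information disclosure vulnerability was found in libvirt in versions before 6.3.0. HTTP cookies used to access network-based disks were saved in the XML dump of the guest domain. This flaw allows an attacker to access potentially sensitive information in the domain configuration via the `dumpxml` command. Note that the structured `affected` entry in the record below gives the version as "libvirt 6.3.0", whereas this description says versions before 6.3.0 are affected; tooling that matches on the structured field alone may not match the affected range, so check it against the description and the linked advisories.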


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:39:36.274Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848640"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210629-0007/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libvirt",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "libvirt 6.3.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An information disclosure vulnerability was found in libvirt in versions before 6.3.0. HTTP cookies used to access network-based disks were saved in the XML dump of the guest domain. This flaw allows an attacker to access potentially sensitive information in the domain configuration via the `dumpxml` command."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-212",
              "description": "CWE-212",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-29T09:06:18",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848640"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20210629-0007/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2020-14301",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "libvirt",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "libvirt 6.3.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An information disclosure vulnerability was found in libvirt in versions before 6.3.0. HTTP cookies used to access network-based disks were saved in the XML dump of the guest domain. This flaw allows an attacker to access potentially sensitive information in the domain configuration via the `dumpxml` command."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-212"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1848640",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848640"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20210629-0007/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20210629-0007/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2020-14301",
    "datePublished": "2021-05-27T19:44:34",
    "dateReserved": "2020-06-17T00:00:00",
    "dateUpdated": "2024-08-04T12:39:36.274Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-4311
Vulnerability from cvelistv5
Published
2013-10-03 21:00
Modified
2024-08-06 16:38
Severity ?
Summary
libvirt 1.0.5.x before 1.0.5.6, 0.10.2.x before 0.10.2.8, and 0.9.12.x before 0.9.12.2 allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition in pkcheck via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:38:01.910Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-1954-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1954-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.libvirt.org/page/Maintenance_Releases"
          },
          {
            "name": "[oss-security] 20130918 Re: Fwd: [vs-plain] polkit races",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2013/09/18/6"
          },
          {
            "name": "RHSA-2013:1272",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-1272.html"
          },
          {
            "name": "RHSA-2013:1460",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-1460.html"
          },
          {
            "name": "openSUSE-SU-2013:1550",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00024.html"
          },
          {
            "name": "openSUSE-SU-2013:1549",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00023.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-09-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "libvirt 1.0.5.x before 1.0.5.6, 0.10.2.x before 0.10.2.8, and 0.9.12.x before 0.9.12.2 allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition in pkcheck via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-10-24T09:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "USN-1954-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1954-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.libvirt.org/page/Maintenance_Releases"
        },
        {
          "name": "[oss-security] 20130918 Re: Fwd: [vs-plain] polkit races",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2013/09/18/6"
        },
        {
          "name": "RHSA-2013:1272",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-1272.html"
        },
        {
          "name": "RHSA-2013:1460",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-1460.html"
        },
        {
          "name": "openSUSE-SU-2013:1550",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00024.html"
        },
        {
          "name": "openSUSE-SU-2013:1549",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00023.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-4311",
    "datePublished": "2013-10-03T21:00:00",
    "dateReserved": "2013-06-12T00:00:00",
    "dateUpdated": "2024-08-06T16:38:01.910Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-4401
Vulnerability from cvelistv5
Published
2013-11-02 18:00
Modified
2024-08-06 16:45
Severity ?
Summary
The virConnectDomainXMLToNative API function in libvirt 1.1.0 through 1.1.3 checks for the connect:read permission instead of the connect:write permission, which allows attackers to gain domain:write privileges and execute Qemu binaries via crafted XML. NOTE: some of these details are obtained from third party information.


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:45:13.321Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "60895",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60895"
          },
          {
            "name": "GLSA-201412-04",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1015259"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.libvirt.org/page/Maintenance_Releases"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=57687fd6bf7f6e1b3662c52f3f26c06ab19dc96c"
          },
          {
            "name": "USN-2026-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2026-1"
          },
          {
            "name": "55210",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/55210"
          },
          {
            "name": "1029241",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1029241"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-10-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The virConnectDomainXMLToNative API function in libvirt 1.1.0 through 1.1.3 checks for the connect:read permission instead of the connect:write permission, which allows attackers to gain domain:write privileges and execute Qemu binaries via crafted XML.  NOTE: some of these details are obtained from third party information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-12-12T13:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "60895",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60895"
        },
        {
          "name": "GLSA-201412-04",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1015259"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.libvirt.org/page/Maintenance_Releases"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=57687fd6bf7f6e1b3662c52f3f26c06ab19dc96c"
        },
        {
          "name": "USN-2026-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2026-1"
        },
        {
          "name": "55210",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/55210"
        },
        {
          "name": "1029241",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1029241"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-4401",
    "datePublished": "2013-11-02T18:00:00",
    "dateReserved": "2013-06-12T00:00:00",
    "dateUpdated": "2024-08-06T16:45:13.321Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2011-2178
Vulnerability from cvelistv5
Published
2011-08-10 20:00
Modified
2024-08-06 22:53
Severity ?
Summary
The virSecurityManagerGetPrivateData function in security/security_manager.c in libvirt 0.8.8 through 0.9.1 uses the wrong argument for a sizeof call, which causes incorrect processing of "security manager private data" that "reopens disk probing" and might allow guest OS users to read arbitrary files on the host OS. NOTE: this vulnerability exists because of a CVE-2010-2238 regression.


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:53:17.069Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=709775"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://libvirt.org/news.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=709769"
          },
          {
            "name": "openSUSE-SU-2011:0643",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2011-06/msg00030.html"
          },
          {
            "name": "FEDORA-2011-9091",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062515.html"
          },
          {
            "name": "[libvirt] 20110531 [PATCH] security: plug regression introduced in disk probe logic",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/libvir-list/2011-May/msg01935.html"
          },
          {
            "name": "USN-1152-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1152-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-2178.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The virSecurityManagerGetPrivateData function in security/security_manager.c in libvirt 0.8.8 through 0.9.1 uses the wrong argument for a sizeof call, which causes incorrect processing of \"security manager private data\" that \"reopens disk probing\" and might allow guest OS users to read arbitrary files on the host OS.  NOTE: this vulnerability exists because of a CVE-2010-2238 regression."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2011-08-10T20:00:00Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=709775"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://libvirt.org/news.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=709769"
        },
        {
          "name": "openSUSE-SU-2011:0643",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2011-06/msg00030.html"
        },
        {
          "name": "FEDORA-2011-9091",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062515.html"
        },
        {
          "name": "[libvirt] 20110531 [PATCH] security: plug regression introduced in disk probe logic",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://www.redhat.com/archives/libvir-list/2011-May/msg01935.html"
        },
        {
          "name": "USN-1152-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1152-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-2178.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-2178",
    "datePublished": "2011-08-10T20:00:00Z",
    "dateReserved": "2011-05-31T00:00:00Z",
    "dateUpdated": "2024-08-06T22:53:17.069Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-4399
Vulnerability from cvelistv5
Published
2014-12-12 15:00
Modified
2024-08-06 16:45
Severity ?
Summary
The remoteClientFreeFunc function in daemon/remote.c in libvirt before 1.1.3, when ACLs are used, does not set an identity, which causes event handler removal to be denied and allows remote attackers to cause a denial of service (use-after-free and crash) by registering an event handler and then closing the connection.


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:45:13.355Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "60895",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60895"
          },
          {
            "name": "GLSA-201412-04",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=8294aa0c1750dcb49d6345cd9bd97bf421580d8b"
          },
          {
            "name": "62972",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/62972"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://security.libvirt.org/2013/0013.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-09-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The remoteClientFreeFunc function in daemon/remote.c in libvirt before 1.1.3, when ACLs are used, does not set an identity, which causes event handler removal to be denied and remote attackers to cause a denial of service (use-after-free and crash) by registering an event handler and then closing the connection."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-12-12T13:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "60895",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60895"
        },
        {
          "name": "GLSA-201412-04",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=8294aa0c1750dcb49d6345cd9bd97bf421580d8b"
        },
        {
          "name": "62972",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/62972"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://security.libvirt.org/2013/0013.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-4399",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The remoteClientFreeFunc function in daemon/remote.c in libvirt before 1.1.3, when ACLs are used, does not set an identity, which causes event handler removal to be denied and remote attackers to cause a denial of service (use-after-free and crash) by registering an event handler and then closing the connection."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "60895",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60895"
            },
            {
              "name": "GLSA-201412-04",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"
            },
            {
              "name": "http://libvirt.org/git/?p=libvirt.git;a=commit;h=8294aa0c1750dcb49d6345cd9bd97bf421580d8b",
              "refsource": "CONFIRM",
              "url": "http://libvirt.org/git/?p=libvirt.git;a=commit;h=8294aa0c1750dcb49d6345cd9bd97bf421580d8b"
            },
            {
              "name": "62972",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/62972"
            },
            {
              "name": "http://security.libvirt.org/2013/0013.html",
              "refsource": "CONFIRM",
              "url": "http://security.libvirt.org/2013/0013.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-4399",
    "datePublished": "2014-12-12T15:00:00",
    "dateReserved": "2013-06-12T00:00:00",
    "dateUpdated": "2024-08-06T16:45:13.355Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-4239
Vulnerability from cvelistv5
Published
2013-09-30 21:00
Modified
2024-08-06 16:38
Severity ?
Summary
The xenDaemonListDefinedDomains function in xen/xend_internal.c in libvirt 1.1.1 allows remote authenticated users to cause a denial of service (memory corruption and crash) via vectors involving the virConnectListDefinedDomains API function.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:38:01.616Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20130812 Re: CVE Request -- libvirt: memory corruption in xenDaemonListDefinedDomains function",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2013/08/12/12"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://libvirt.org/news.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=996241"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commitdiff%3Bh=0e671a16"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The xenDaemonListDefinedDomains function in xen/xend_internal.c in libvirt 1.1.1 allows remote authenticated users to cause a denial of service (memory corruption and crash) via vectors involving the virConnectListDefinedDomains API function."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-09-30T21:00:00Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[oss-security] 20130812 Re: CVE Request -- libvirt: memory corruption in xenDaemonListDefinedDomains function",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2013/08/12/12"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://libvirt.org/news.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=996241"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commitdiff%3Bh=0e671a16"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-4239",
    "datePublished": "2013-09-30T21:00:00Z",
    "dateReserved": "2013-06-12T00:00:00Z",
    "dateUpdated": "2024-08-06T16:38:01.616Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-25637
Vulnerability from cvelistv5
Published
2020-10-06 00:00
Modified
2024-08-04 15:40
Severity ?
Summary
A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, clients connecting to the read-write socket with limited ACL permissions could use this flaw to crash the libvirt daemon, resulting in a denial of service, or potentially escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T15:40:35.483Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1881037"
          },
          {
            "name": "openSUSE-SU-2020:1778",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00072.html"
          },
          {
            "name": "openSUSE-SU-2020:1777",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00073.html"
          },
          {
            "name": "GLSA-202210-06",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202210-06"
          },
          {
            "name": "[debian-lts-announce] 20240401 [SECURITY] [DLA 3778-1] libvirt security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libvirt",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "libvirt versions before 6.8.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, clients connecting to the read-write socket with limited ACL permissions could use this flaw to crash the libvirt daemon, resulting in a denial of service, or potentially escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-415",
              "description": "CWE-415",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-01T13:06:08.401049",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1881037"
        },
        {
          "name": "openSUSE-SU-2020:1778",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00072.html"
        },
        {
          "name": "openSUSE-SU-2020:1777",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00073.html"
        },
        {
          "name": "GLSA-202210-06",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202210-06"
        },
        {
          "name": "[debian-lts-announce] 20240401 [SECURITY] [DLA 3778-1] libvirt security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2020-25637",
    "datePublished": "2020-10-06T00:00:00",
    "dateReserved": "2020-09-16T00:00:00",
    "dateUpdated": "2024-08-04T15:40:35.483Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-4153
Vulnerability from cvelistv5
Published
2013-09-30 21:00
Modified
2024-08-06 16:30
Severity ?
Summary
Double free vulnerability in the qemuAgentGetVCPUs function in qemu/qemu_agent.c in libvirt 1.0.6 through 1.1.0 allows remote attackers to cause a denial of service (daemon crash) via a cpu count request, as demonstrated by the "virsh vcpucount dom --guest" command.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:30:50.008Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://libvirt.org/news.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=984821"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commitdiff%3Bh=dfc692350a04a70b4ca65667c30869b3bfdaf034"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=986383"
          },
          {
            "name": "[oss-security] 20130719 Re: CVE request -- libvirt: double free of returned JSON array in qemuAgentGetVCPUs()",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2013/07/19/11"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Double free vulnerability in the qemuAgentGetVCPUs function in qemu/qemu_agent.c in libvirt 1.0.6 through 1.1.0 allows remote attackers to cause a denial of service (daemon crash) via a cpu count request, as demonstrated by the \"virsh vcpucount dom --guest\" command."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-09-30T21:00:00Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://libvirt.org/news.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=984821"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commitdiff%3Bh=dfc692350a04a70b4ca65667c30869b3bfdaf034"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=986383"
        },
        {
          "name": "[oss-security] 20130719 Re: CVE request -- libvirt: double free of returned JSON array in qemuAgentGetVCPUs()",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2013/07/19/11"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-4153",
    "datePublished": "2013-09-30T21:00:00Z",
    "dateReserved": "2013-06-12T00:00:00Z",
    "dateUpdated": "2024-08-06T16:30:50.008Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-3631
Vulnerability from cvelistv5
Published
2022-03-02 00:00
Modified
2024-11-19 19:33
Severity ?
Summary
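A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one exploited guest to access files labeled for another guest, resulting in the breaking out of sVirt confinement. The highest threat from this vulnerability is to confidentiality and integrity. Note that the record's CNA data lists the version string "Fixed-In - libvirt v7.5.0" under status "affected"; this appears to name the release that carries the fix rather than an affected release, so version matching against this field should be done by hand.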
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:01:08.363Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1977726"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libvirt/libvirt/-/issues/153"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libvirt/libvirt/-/commit/15073504dbb624d3f6c911e85557019d3620fdb2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2021:3631"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220331-0010/"
          },
          {
            "name": "GLSA-202210-06",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202210-06"
          },
          {
            "name": "[debian-lts-announce] 20240401 [SECURITY] [DLA 3778-1] libvirt security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-3631",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-19T19:33:05.630858Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-19T19:33:55.041Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libvirt",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed-In - libvirt v7.5.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs\u0027 dynamic labels. This flaw allows one exploited guest to access files labeled for another guest, resulting in the breaking out of sVirt confinement. The highest threat from this vulnerability is to confidentiality and integrity."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-732",
              "description": "CWE-732",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-01T13:06:10.250799",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1977726"
        },
        {
          "url": "https://gitlab.com/libvirt/libvirt/-/issues/153"
        },
        {
          "url": "https://gitlab.com/libvirt/libvirt/-/commit/15073504dbb624d3f6c911e85557019d3620fdb2"
        },
        {
          "url": "https://access.redhat.com/errata/RHSA-2021:3631"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20220331-0010/"
        },
        {
          "name": "GLSA-202210-06",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202210-06"
        },
        {
          "name": "[debian-lts-announce] 20240401 [SECURITY] [DLA 3778-1] libvirt security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2021-3631",
    "datePublished": "2022-03-02T00:00:00",
    "dateReserved": "2021-06-30T00:00:00",
    "dateUpdated": "2024-11-19T19:33:55.041Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-1766
Vulnerability from cvelistv5
Published
2013-03-20 15:00
Modified
2024-08-06 15:13
Severity ?
Summary
libvirt 1.0.2 and earlier sets the group owner to kvm for device files, which allows local users to write to these files via unspecified vectors.
References
http://www.securityfocus.com/bid/58178 (vdb-entry, x_refsource_BID)
http://www.debian.org/security/2013/dsa-2650 (vendor-advisory, x_refsource_DEBIAN)
http://secunia.com/advisories/52628 (third-party-advisory, x_refsource_SECUNIA)
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T15:13:32.562Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "58178",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/58178"
          },
          {
            "name": "DSA-2650",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2013/dsa-2650"
          },
          {
            "name": "52628",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/52628"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "libvirt 1.0.2 and earlier sets the group owner to kvm for device files, which allows local users to write to these files via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-03-20T15:00:00Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "58178",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/58178"
        },
        {
          "name": "DSA-2650",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2013/dsa-2650"
        },
        {
          "name": "52628",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/52628"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-1766",
    "datePublished": "2013-03-20T15:00:00Z",
    "dateReserved": "2013-02-19T00:00:00Z",
    "dateUpdated": "2024-08-06T15:13:32.562Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-5313
Vulnerability from cvelistv5
Published
2016-04-11 21:00
Modified
2024-08-06 06:41
Severity ?
Summary
Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storage_backend_fs.c in libvirt, when fine-grained Access Control Lists (ACL) are in effect, allows local users with storage_vol:create ACL but not domain:write permission to write to arbitrary files via a .. (dot dot) in a volume name.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:41:09.347Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://security.libvirt.org/2015/0004.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=034e47c338b13a95cf02106a3af912c1c5f818d7"
          },
          {
            "name": "90913",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/90913"
          },
          {
            "name": "[libvirt] 20151211 [PATCH] CVE-2015-5313: storage: don\u0027t allow \u0027/\u0027 in filesystem volume names",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/libvir-list/2015-December/msg00473.html"
          },
          {
            "name": "FEDORA-2015-30b347dff1",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174404.html"
          },
          {
            "name": "GLSA-201612-10",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201612-10"
          },
          {
            "name": "RHSA-2016:2577",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2577.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-12-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storage_backend_fs.c in libvirt, when fine-grained Access Control Lists (ACL) are in effect, allows local users with storage_vol:create ACL but not domain:write permission to write to arbitrary files via a .. (dot dot) in a volume name."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://security.libvirt.org/2015/0004.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=034e47c338b13a95cf02106a3af912c1c5f818d7"
        },
        {
          "name": "90913",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/90913"
        },
        {
          "name": "[libvirt] 20151211 [PATCH] CVE-2015-5313: storage: don\u0027t allow \u0027/\u0027 in filesystem volume names",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://www.redhat.com/archives/libvir-list/2015-December/msg00473.html"
        },
        {
          "name": "FEDORA-2015-30b347dff1",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174404.html"
        },
        {
          "name": "GLSA-201612-10",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201612-10"
        },
        {
          "name": "RHSA-2016:2577",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2577.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-5313",
    "datePublished": "2016-04-11T21:00:00",
    "dateReserved": "2015-07-01T00:00:00",
    "dateUpdated": "2024-08-06T06:41:09.347Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-0028
Vulnerability from cvelistv5
Published
2014-01-24 18:00
Modified
2024-08-06 08:58
Severity ?
Summary
libvirt 1.1.1 through 1.2.0 allows context-dependent attackers to bypass the domain:getattr and connect:search_domains restrictions in ACLs and obtain sensitive domain object information via a request to the (1) virConnectDomainEventRegister and (2) virConnectDomainEventRegisterAny functions in the event registration API.
References
http://www.ubuntu.com/usn/USN-2093-1 (vendor-advisory, x_refsource_UBUNTU)
http://libvirt.org/news.html (x_refsource_CONFIRM)
http://secunia.com/advisories/60895 (third-party-advisory, x_refsource_SECUNIA)
http://security.gentoo.org/glsa/glsa-201412-04.xml (vendor-advisory, x_refsource_GENTOO)
http://lists.opensuse.org/opensuse-updates/2014-02/msg00060.html (vendor-advisory, x_refsource_SUSE)
https://www.redhat.com/archives/libvir-list/2014-January/msg00684.html (mailing-list, x_refsource_MLIST)
https://bugzilla.redhat.com/show_bug.cgi?id=1048637 (x_refsource_CONFIRM)


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T08:58:26.562Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-2093-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2093-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://libvirt.org/news.html"
          },
          {
            "name": "60895",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60895"
          },
          {
            "name": "GLSA-201412-04",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"
          },
          {
            "name": "openSUSE-SU-2014:0268",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00060.html"
          },
          {
            "name": "[libvirt] 20140115 [PATCH 0/4] CVE-2014-0028: domain events vs. ACL filtering",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/libvir-list/2014-January/msg00684.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1048637"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-01-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "libvirt 1.1.1 through 1.2.0 allows context-dependent attackers to bypass the domain:getattr and connect:search_domains restrictions in ACLs and obtain sensitive domain object information via a request to the (1) virConnectDomainEventRegister and (2) virConnectDomainEventRegisterAny functions in the event registration API."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-12-12T13:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "USN-2093-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2093-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://libvirt.org/news.html"
        },
        {
          "name": "60895",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60895"
        },
        {
          "name": "GLSA-201412-04",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"
        },
        {
          "name": "openSUSE-SU-2014:0268",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00060.html"
        },
        {
          "name": "[libvirt] 20140115 [PATCH 0/4] CVE-2014-0028: domain events vs. ACL filtering",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://www.redhat.com/archives/libvir-list/2014-January/msg00684.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1048637"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2014-0028",
    "datePublished": "2014-01-24T18:00:00",
    "dateReserved": "2013-12-03T00:00:00",
    "dateUpdated": "2024-08-06T08:58:26.562Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-0897
Vulnerability from cvelistv5
Published
2022-03-25 00:00
Modified
2024-08-02 23:47
Severity ?
Summary
A flaw was found in the libvirt nwfilter driver. The virNWFilterObjListNumOfNWFilters method failed to acquire the driver->nwfilters mutex before iterating over virNWFilterObj instances. There was no protection to stop another thread from concurrently modifying the driver->nwfilters object. This flaw allows a malicious, unprivileged user to exploit this issue via libvirt's API virConnectNumOfNWFilters to crash the network filter management daemon (libvirtd/virtnwfilterd).


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-0897",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-08T15:53:19.394577Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:16:35.383Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:47:42.099Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063883"
          },
          {
            "name": "GLSA-202210-06",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202210-06"
          },
          {
            "name": "[debian-lts-announce] 20240401 [SECURITY] [DLA 3778-1] libvirt security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libvirt",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "libvirt 8.0.0-8"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in the libvirt nwfilter driver. The virNWFilterObjListNumOfNWFilters method failed to acquire the driver-\u003enwfilters mutex before iterating over virNWFilterObj instances. There was no protection to stop another thread from concurrently modifying the driver-\u003enwfilters object. This flaw allows a malicious, unprivileged user to exploit this issue via libvirt\u0027s API virConnectNumOfNWFilters to crash the network filter management daemon (libvirtd/virtnwfilterd)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-667",
              "description": "CWE-667",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-01T13:06:06.560627",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063883"
        },
        {
          "name": "GLSA-202210-06",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202210-06"
        },
        {
          "name": "[debian-lts-announce] 20240401 [SECURITY] [DLA 3778-1] libvirt security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2022-0897",
    "datePublished": "2022-03-25T00:00:00",
    "dateReserved": "2022-03-09T00:00:00",
    "dateUpdated": "2024-08-02T23:47:42.099Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-6456
Vulnerability from cvelistv5
Published
2014-04-15 18:00
Modified
2024-08-06 17:39
Severity ?
Summary
The LXC driver (lxc/lxc_driver.c) in libvirt 1.0.1 through 1.2.1 allows local users to (1) delete arbitrary host devices via the virDomainDeviceDettach API and a symlink attack on /dev in the container; (2) create arbitrary nodes (mknod) via the virDomainDeviceAttach API and a symlink attack on /dev in the container; and cause a denial of service (shutdown or reboot host OS) via the (3) virDomainShutdown or (4) virDomainReboot API and a symlink attack on /dev/initctl in the container, related to "paths under /proc/$PID/root" and the virInitctlSetRunLevel function.


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T17:39:01.476Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://libvirt.org/news.html"
          },
          {
            "name": "56187",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/56187"
          },
          {
            "name": "60895",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60895"
          },
          {
            "name": "GLSA-201412-04",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=5fc590ad9f4"
          },
          {
            "name": "openSUSE-SU-2014:0593",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00004.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://security.libvirt.org/2013/0018.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1045643"
          },
          {
            "name": "FEDORA-2014-2864",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129199.html"
          },
          {
            "name": "65743",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/65743"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732394"
          },
          {
            "name": "56215",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/56215"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-02-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The LXC driver (lxc/lxc_driver.c) in libvirt 1.0.1 through 1.2.1 allows local users to (1) delete arbitrary host devices via the virDomainDeviceDettach API and a symlink attack on /dev in the container; (2) create arbitrary nodes (mknod) via the virDomainDeviceAttach API and a symlink attack on /dev in the container; and cause a denial of service (shutdown or reboot host OS) via the (3) virDomainShutdown or (4) virDomainReboot API and a symlink attack on /dev/initctl in the container, related to \"paths under /proc/$PID/root\" and the virInitctlSetRunLevel function."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-12-12T13:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://libvirt.org/news.html"
        },
        {
          "name": "56187",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/56187"
        },
        {
          "name": "60895",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60895"
        },
        {
          "name": "GLSA-201412-04",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=5fc590ad9f4"
        },
        {
          "name": "openSUSE-SU-2014:0593",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00004.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://security.libvirt.org/2013/0018.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1045643"
        },
        {
          "name": "FEDORA-2014-2864",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129199.html"
        },
        {
          "name": "65743",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/65743"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732394"
        },
        {
          "name": "56215",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/56215"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-6456",
    "datePublished": "2014-04-15T18:00:00",
    "dateReserved": "2013-11-04T00:00:00",
    "dateUpdated": "2024-08-06T17:39:01.476Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-2700
Vulnerability from cvelistv5
Published
2023-05-15 00:00
Modified
2024-08-02 06:33
Severity ?
Summary
A vulnerability was found in libvirt. This security flaw occurs when an SR-IOV PCI device's capabilities are queried repeatedly, exposing a memory leak caused by a failure to free the virPCIVirtualFunction array within the parent struct's g_autoptr cleanup.


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T06:33:05.338Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2023-2700"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2203653"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libvirt/libvirt/-/commit/6425a311b8ad19d6f9c0b315bf1d722551ea3585#874a1e768ade6ceb4538931cbc06248e73223306"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230706-0001/"
          },
          {
            "name": "FEDORA-2024-2d35e47af3",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EVK6JKP36CHE7YAFDJNPNLTW4OWJJ7TQ/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libvirt",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "libvirt-4.5.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in libvirt. This security flaw ouccers due to repeatedly querying an SR-IOV PCI device\u0027s capabilities that exposes a memory leak caused by a failure to free the virPCIVirtualFunction array within the parent struct\u0027s g_autoptr cleanup."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Memory leak",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-11T06:06:03.592626",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://access.redhat.com/security/cve/CVE-2023-2700"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2203653"
        },
        {
          "url": "https://gitlab.com/libvirt/libvirt/-/commit/6425a311b8ad19d6f9c0b315bf1d722551ea3585#874a1e768ade6ceb4538931cbc06248e73223306"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230706-0001/"
        },
        {
          "name": "FEDORA-2024-2d35e47af3",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EVK6JKP36CHE7YAFDJNPNLTW4OWJJ7TQ/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2023-2700",
    "datePublished": "2023-05-15T00:00:00",
    "dateReserved": "2023-05-15T00:00:00",
    "dateUpdated": "2024-08-02T06:33:05.338Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-5247
Vulnerability from cvelistv5
Published
2016-04-14 15:00
Modified
2024-08-06 06:41
Severity ?
Summary
The virStorageVolCreateXML API in libvirt 1.2.14 through 1.2.19 allows remote authenticated users with a read-write connection to cause a denial of service (libvirtd crash) by triggering a failed unlink after creating a volume on a root_squash NFS pool.
References
http://security.libvirt.org/2015/0003.html (x_refsource_CONFIRM)
http://www.ubuntu.com/usn/USN-2867-1 (vendor-advisory, x_refsource_UBUNTU)


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:41:08.985Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://security.libvirt.org/2015/0003.html"
          },
          {
            "name": "USN-2867-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2867-1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-09-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The virStorageVolCreateXML API in libvirt 1.2.14 through 1.2.19 allows remote authenticated users with a read-write connection to cause a denial of service (libvirtd crash) by triggering a failed unlink after creating a volume on a root_squash NFS pool."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-04-14T14:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://security.libvirt.org/2015/0003.html"
        },
        {
          "name": "USN-2867-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2867-1"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-5247",
    "datePublished": "2016-04-14T15:00:00",
    "dateReserved": "2015-07-01T00:00:00",
    "dateUpdated": "2024-08-06T06:41:08.985Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2012-3445
Vulnerability from cvelistv5
Published
2012-08-07 21:00
Modified
2024-08-06 20:05
Severity ?
Summary
The virTypedParameterArrayClear function in libvirt 0.9.13 does not properly handle virDomain* API calls with typed parameters, which might allow remote authenticated users to cause a denial of service (libvirtd crash) via an RPC command with nparams set to zero, which triggers an out-of-bounds read or a free of an invalid pointer.
References
http://secunia.com/advisories/50118 (third-party-advisory, x_refsource_SECUNIA)
http://www.securityfocus.com/bid/54748 (vdb-entry, x_refsource_BID)
https://www.redhat.com/archives/libvir-list/2012-July/msg01650.html (mailing-list, x_refsource_MLIST)
http://www.openwall.com/lists/oss-security/2012/07/31/4 (mailing-list, x_refsource_MLIST)
https://bugzilla.redhat.com/show_bug.cgi?id=844734 (x_refsource_MISC)
http://rhn.redhat.com/errata/RHSA-2012-1202.html (vendor-advisory, x_refsource_REDHAT)
http://secunia.com/advisories/50299 (third-party-advisory, x_refsource_SECUNIA)
http://secunia.com/advisories/50372 (third-party-advisory, x_refsource_SECUNIA)
http://www.openwall.com/lists/oss-security/2012/07/31/7 (mailing-list, x_refsource_MLIST)
http://lists.opensuse.org/opensuse-updates/2012-08/msg00023.html (vendor-advisory, x_refsource_SUSE)


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T20:05:12.490Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "50118",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/50118"
          },
          {
            "name": "54748",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/54748"
          },
          {
            "name": "[libvirt] 20120730 [PATCH] daemon: Fix crash in virTypedParameterArrayClear",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/libvir-list/2012-July/msg01650.html"
          },
          {
            "name": "[oss-security] 20120731 CVE Request -- libvirt: crash in virTypedParameterArrayClear",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/07/31/4"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=844734"
          },
          {
            "name": "RHSA-2012:1202",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-1202.html"
          },
          {
            "name": "50299",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/50299"
          },
          {
            "name": "50372",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/50372"
          },
          {
            "name": "[oss-security] 20120731 Re: CVE Request -- libvirt: crash in virTypedParameterArrayClear",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/07/31/7"
          },
          {
            "name": "openSUSE-SU-2012:0991",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00023.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-07-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The virTypedParameterArrayClear function in libvirt 0.9.13 does not properly handle virDomain* API calls with typed parameters, which might allow remote authenticated users to cause a denial of service (libvirtd crash) via an RPC command with nparams set to zero, which triggers an out-of-bounds read or a free of an invalid pointer."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2012-09-07T09:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "50118",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/50118"
        },
        {
          "name": "54748",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/54748"
        },
        {
          "name": "[libvirt] 20120730 [PATCH] daemon: Fix crash in virTypedParameterArrayClear",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://www.redhat.com/archives/libvir-list/2012-July/msg01650.html"
        },
        {
          "name": "[oss-security] 20120731 CVE Request -- libvirt: crash in virTypedParameterArrayClear",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/07/31/4"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=844734"
        },
        {
          "name": "RHSA-2012:1202",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-1202.html"
        },
        {
          "name": "50299",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/50299"
        },
        {
          "name": "50372",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/50372"
        },
        {
          "name": "[oss-security] 20120731 Re: CVE Request -- libvirt: crash in virTypedParameterArrayClear",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/07/31/7"
        },
        {
          "name": "openSUSE-SU-2012:0991",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00023.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-3445",
    "datePublished": "2012-08-07T21:00:00",
    "dateReserved": "2012-06-14T00:00:00",
    "dateUpdated": "2024-08-06T20:05:12.490Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-3886
Vulnerability from cvelistv5
Published
2019-04-04 00:00
Modified
2024-08-04 19:19
Summary
An incorrect permissions check was discovered in libvirt 4.8.0 and above. The readonly permission was allowed to invoke APIs depending on the guest agent, which could lead to potentially disclosing unintended information or denial of service by causing libvirt to block.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:19:18.727Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "107777",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/107777"
          },
          {
            "name": "openSUSE-SU-2019:1294",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00105.html"
          },
          {
            "name": "USN-4021-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4021-1/"
          },
          {
            "name": "FEDORA-2019-b2dfb13daf",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R5DHYIFECZ7BMVXK4EP4FDFZXK7I5MZH/"
          },
          {
            "name": "FEDORA-2019-9210998aaa",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CYMNKXAUBZCFBBPFH64FJPH5EJH4GSU2/"
          },
          {
            "name": "RHBA-2019:3723",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHBA-2019:3723"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3886"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libvirt",
          "vendor": "The libvirt Project",
          "versions": [
            {
              "status": "affected",
              "version": "4.8.0 and above"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An incorrect permissions check was discovered in libvirt 4.8.0 and above. The readonly permission was allowed to invoke APIs depending on the guest agent, which could lead to potentially disclosing unintended information or denial of service by causing libvirt to block."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-07T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "107777",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/107777"
        },
        {
          "name": "openSUSE-SU-2019:1294",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00105.html"
        },
        {
          "name": "USN-4021-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://usn.ubuntu.com/4021-1/"
        },
        {
          "name": "FEDORA-2019-b2dfb13daf",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R5DHYIFECZ7BMVXK4EP4FDFZXK7I5MZH/"
        },
        {
          "name": "FEDORA-2019-9210998aaa",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CYMNKXAUBZCFBBPFH64FJPH5EJH4GSU2/"
        },
        {
          "name": "RHBA-2019:3723",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHBA-2019:3723"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3886"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2019-3886",
    "datePublished": "2019-04-04T00:00:00",
    "dateReserved": "2019-01-03T00:00:00",
    "dateUpdated": "2024-08-04T19:19:18.727Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-6458
Vulnerability from cvelistv5
Published
2014-01-24 18:00
Modified
2024-08-06 17:39
Severity ?
Summary
Multiple race conditions in the (1) virDomainBlockStats, (2) virDomainGetBlockInfo, (3) qemuDomainBlockJobImpl, and (4) virDomainGetBlockIoTune functions in libvirt before 1.2.1 do not properly verify that the disk is attached, which allows remote read-only attackers to cause a denial of service (libvirtd crash) via the virDomainDetachDeviceFlags command.
References
http://www.ubuntu.com/usn/USN-2093-1 (vendor-advisory, x_refsource_UBUNTU)
http://secunia.com/advisories/56446 (third-party-advisory, x_refsource_SECUNIA)
http://www.debian.org/security/2014/dsa-2846 (vendor-advisory, x_refsource_DEBIAN)
https://bugzilla.redhat.com/show_bug.cgi?id=1043069 (x_refsource_CONFIRM)
http://libvirt.org/news.html (x_refsource_CONFIRM)
http://secunia.com/advisories/60895 (third-party-advisory, x_refsource_SECUNIA)
http://security.gentoo.org/glsa/glsa-201412-04.xml (vendor-advisory, x_refsource_GENTOO)
http://lists.opensuse.org/opensuse-updates/2014-02/msg00060.html (vendor-advisory, x_refsource_SUSE)
http://rhn.redhat.com/errata/RHSA-2014-0103.html (vendor-advisory, x_refsource_REDHAT)
http://secunia.com/advisories/56186 (third-party-advisory, x_refsource_SECUNIA)
http://lists.opensuse.org/opensuse-updates/2014-02/msg00062.html (vendor-advisory, x_refsource_SUSE)
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T17:39:01.171Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-2093-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2093-1"
          },
          {
            "name": "56446",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/56446"
          },
          {
            "name": "DSA-2846",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-2846"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1043069"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://libvirt.org/news.html"
          },
          {
            "name": "60895",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60895"
          },
          {
            "name": "GLSA-201412-04",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"
          },
          {
            "name": "openSUSE-SU-2014:0268",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00060.html"
          },
          {
            "name": "RHSA-2014:0103",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-0103.html"
          },
          {
            "name": "56186",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/56186"
          },
          {
            "name": "openSUSE-SU-2014:0270",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00062.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-12-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple race conditions in the (1) virDomainBlockStats, (2) virDomainGetBlockInf, (3) qemuDomainBlockJobImpl, and (4) virDomainGetBlockIoTune functions in libvirt before 1.2.1 do not properly verify that the disk is attached, which allows remote read-only attackers to cause a denial of service (libvirtd crash) via the virDomainDetachDeviceFlags command."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-12-12T13:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "USN-2093-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2093-1"
        },
        {
          "name": "56446",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/56446"
        },
        {
          "name": "DSA-2846",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2014/dsa-2846"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1043069"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://libvirt.org/news.html"
        },
        {
          "name": "60895",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60895"
        },
        {
          "name": "GLSA-201412-04",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"
        },
        {
          "name": "openSUSE-SU-2014:0268",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00060.html"
        },
        {
          "name": "RHSA-2014:0103",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-0103.html"
        },
        {
          "name": "56186",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/56186"
        },
        {
          "name": "openSUSE-SU-2014:0270",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00062.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-6458",
    "datePublished": "2014-01-24T18:00:00",
    "dateReserved": "2013-11-04T00:00:00",
    "dateUpdated": "2024-08-06T17:39:01.171Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-0179
Vulnerability from cvelistv5
Published
2014-08-03 18:00
Modified
2024-08-06 09:05
Severity ?
Summary
libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a denial of service (read block and hang) via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virConnectCompareCPU or (2) virConnectBaselineCPU API method, related to an XML External Entity (XXE) issue. NOTE: this issue was SPLIT per ADT3 due to different affected versions of some vectors. CVE-2014-5177 is used for other API methods.
References
http://rhn.redhat.com/errata/RHSA-2014-0560.html (vendor-advisory, x_refsource_REDHAT)
http://libvirt.org/news.html (x_refsource_CONFIRM)
http://secunia.com/advisories/60895 (third-party-advisory, x_refsource_SECUNIA)
http://security.gentoo.org/glsa/glsa-201412-04.xml (vendor-advisory, x_refsource_GENTOO)
http://lists.opensuse.org/opensuse-updates/2014-05/msg00052.html (vendor-advisory, x_refsource_SUSE)
http://www.debian.org/security/2014/dsa-3038 (vendor-advisory, x_refsource_DEBIAN)
http://lists.opensuse.org/opensuse-updates/2014-05/msg00048.html (vendor-advisory, x_refsource_SUSE)
http://www.ubuntu.com/usn/USN-2366-1 (vendor-advisory, x_refsource_UBUNTU)
http://security.libvirt.org/2014/0003.html (x_refsource_CONFIRM)
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T09:05:39.165Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2014:0560",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-0560.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://libvirt.org/news.html"
          },
          {
            "name": "60895",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60895"
          },
          {
            "name": "GLSA-201412-04",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"
          },
          {
            "name": "openSUSE-SU-2014:0674",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00052.html"
          },
          {
            "name": "DSA-3038",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-3038"
          },
          {
            "name": "openSUSE-SU-2014:0650",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00048.html"
          },
          {
            "name": "USN-2366-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2366-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://security.libvirt.org/2014/0003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-05-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a denial of service (read block and hang) via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virConnectCompareCPU or (2) virConnectBaselineCPU API method, related to an XML External Entity (XXE) issue.  NOTE: this issue was SPLIT per ADT3 due to different affected versions of some vectors. CVE-2014-5177 is used for other API methods."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-12-12T13:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2014:0560",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-0560.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://libvirt.org/news.html"
        },
        {
          "name": "60895",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60895"
        },
        {
          "name": "GLSA-201412-04",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"
        },
        {
          "name": "openSUSE-SU-2014:0674",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00052.html"
        },
        {
          "name": "DSA-3038",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2014/dsa-3038"
        },
        {
          "name": "openSUSE-SU-2014:0650",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00048.html"
        },
        {
          "name": "USN-2366-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2366-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://security.libvirt.org/2014/0003.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2014-0179",
    "datePublished": "2014-08-03T18:00:00",
    "dateReserved": "2013-12-03T00:00:00",
    "dateUpdated": "2024-08-06T09:05:39.165Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerability from fkie_nvd
Published
2013-09-30 21:55
Modified
2024-11-21 01:54
Severity ?
Summary
The qemuAgentCommand function in libvirt before 1.1.1, when a guest agent is not configured, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to "agent based cpu (un)plug," as demonstrated by the "virsh vcpucount foobar --guest" command.
Impacted products
Vendor Product Version
redhat libvirt * (all versions up to and including 1.1.0)
redhat libvirt 1.0.0
redhat libvirt 1.0.1
redhat libvirt 1.0.2
redhat libvirt 1.0.3
redhat libvirt 1.0.4
redhat libvirt 1.0.5
redhat libvirt 1.0.6



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "20AEBAC3-B816-4148-8E3B-8425914923A0",
              "versionEndIncluding": "1.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E13A6AAE-BC1B-4CE1-B747-84F9C6B3FF73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DDA1805-ED8A-44AA-96FF-E676D278CCFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBD82EEA-279F-42CA-8F4C-A4D57EEBAB0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "320C2182-DBCF-4564-940A-D12673C73543",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB635DBE-29F1-4055-A064-42539FC811C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "67B77F63-C9AC-42D4-B9E2-4BBE196AC254",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E03AF346-6F4E-4BEA-B29E-9C9C04148843",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The qemuAgentCommand function in libvirt before 1.1.1, when a guest agent is not configured, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to \"agent based cpu (un)plug,\" as demonstrated by the \"virsh vcpucount foobar --guest\" command."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n qemuAgentCommand en libvirt anteriores a 1.1.1, cuando no es configurado un agente invitado, permite a atacantes remotos causar una denegaci\u00f3n de servicio (referencia a puntero nulo y cuelgue) a trav\u00e9s de vectores relacionados con \"agent based cpu (un)plug\", como fue demostrado por el comando \"virsh vcpucount foobar --guest\"."
    }
  ],
  "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/476.html\n\n\u0027CWE-476: NULL Pointer Dereference\u0027",
  "id": "CVE-2013-4154",
  "lastModified": "2024-11-21T01:54:58.893",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-09-30T21:55:09.223",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commitdiff%3Bh=96518d4316b711c72205117f8d5c967d5127bbb6"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://libvirt.org/news.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://openwall.com/lists/oss-security/2013/07/19/12"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=984821"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=986386"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commitdiff%3Bh=96518d4316b711c72205117f8d5c967d5127bbb6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://libvirt.org/news.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://openwall.com/lists/oss-security/2013/07/19/12"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=984821"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=986386"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-08-03 18:55
Modified
2024-11-21 02:01
Severity ?
Summary
libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a denial of service (read block and hang) via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virConnectCompareCPU or (2) virConnectBaselineCPU API method, related to an XML External Entity (XXE) issue. NOTE: this issue was SPLIT per ADT3 due to different affected versions of some vectors. CVE-2014-5177 is used for other API methods.
Impacted products
Vendor Product Version
redhat libvirt 0.7.5
redhat libvirt 0.7.6
redhat libvirt 0.7.7
redhat libvirt 0.8.0
redhat libvirt 0.8.1
redhat libvirt 0.8.2
redhat libvirt 0.8.3
redhat libvirt 0.8.4
redhat libvirt 0.8.5
redhat libvirt 0.8.6
redhat libvirt 0.8.7
redhat libvirt 0.8.8
redhat libvirt 0.9.0
redhat libvirt 0.9.1
redhat libvirt 0.9.2
redhat libvirt 0.9.3
redhat libvirt 0.9.4
redhat libvirt 0.9.5
redhat libvirt 0.9.6
redhat libvirt 0.9.6.1
redhat libvirt 0.9.6.2
redhat libvirt 0.9.6.3
redhat libvirt 0.9.7
redhat libvirt 0.9.8
redhat libvirt 0.9.9
redhat libvirt 0.9.10
redhat libvirt 0.9.11
redhat libvirt 0.9.11.1
redhat libvirt 0.9.11.2
redhat libvirt 0.9.11.3
redhat libvirt 0.9.11.4
redhat libvirt 0.9.11.5
redhat libvirt 0.9.11.6
redhat libvirt 0.9.11.7
redhat libvirt 0.9.11.8
redhat libvirt 0.9.12
redhat libvirt 0.9.13
redhat libvirt 0.10.0
redhat libvirt 0.10.1
redhat libvirt 0.10.2
redhat libvirt 0.10.2.1
redhat libvirt 0.10.2.2
redhat libvirt 0.10.2.3
redhat libvirt 0.10.2.4
redhat libvirt 0.10.2.5
redhat libvirt 0.10.2.6
redhat libvirt 0.10.2.7
redhat libvirt 0.10.2.8
redhat libvirt 1.0.0
redhat libvirt 1.0.1
redhat libvirt 1.0.2
redhat libvirt 1.0.3
redhat libvirt 1.0.4
redhat libvirt 1.0.5
redhat libvirt 1.0.5.1
redhat libvirt 1.0.5.2
redhat libvirt 1.0.5.3
redhat libvirt 1.0.5.4
redhat libvirt 1.0.5.5
redhat libvirt 1.0.5.6
redhat libvirt 1.0.6
redhat libvirt 1.1.0
redhat libvirt 1.1.1
redhat libvirt 1.1.2
redhat libvirt 1.1.3
redhat libvirt 1.1.4
redhat libvirt 1.2.0
redhat libvirt 1.2.1
redhat libvirt 1.2.2
redhat libvirt 1.2.3
redhat libvirt 1.2.4
redhat enterprise_virtualization 3.0
opensuse opensuse 12.3
opensuse opensuse 13.1
redhat enterprise_linux 6.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DCDC5B5-1DD4-4FF4-8AB4-D38F5418B873",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0054B43A-F844-47C8-B03A-01696117B7E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5C78A50-0F41-405C-9ABA-EE088D0ABE60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8322F4E2-0AD0-497B-871E-233C0E0F1490",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E41CEF32-4998-41D5-B971-12E7F4E39FB9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E43FD74C-5986-4E9E-9C4F-9891133084A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D504B27-7BD0-4CB1-B8CA-76B7C537A4C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBFD9B43-52BA-4FF9-84A1-369B1A96A166",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "10EE76EF-44D3-4645-B1E7-5BCFB4CB4204",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "934215BC-33D1-453F-B49B-23B52E580214",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F274792B-F190-4A23-A551-6B07EA4028B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9D67FBC-4009-4FC1-B0CF-AA3C1505C2F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2059834-5A26-4DB9-B400-DBBE15690AAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2F6277D-6732-44BA-91B4-D57877E011BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2553A171-A830-4540-8CC6-51275F72AAEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "61C2C484-7AAB-475C-A44E-6D9DCF597DD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "04A75CCF-28E1-44CC-962C-C56A4F64B370",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0E8A1AF-740A-454C-8019-B52654589603",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F040825C-C457-40A1-A04C-F362289E13F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E04748DC-4F9F-4BC2-A3D7-EAC3B73C5A8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5F45083-97C6-466F-9D67-057DDD08CFD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F906DC41-4724-4F81-9402-4EA3BC3F38A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "3327FB7D-92DB-479F-BF1C-2565C8F1B25C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "48F55C0A-3E6E-4E24-81D7-F023728E486A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACB7C00E-DF4E-40AF-A503-202A2FE03D5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AB4E8A8-2B6C-4287-937B-C67A97EAB67A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "53C3F149-D917-4BB6-B264-F316DD96D2B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "10857CB9-D8B1-4EB4-8D93-E0DCC05F0C35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "153AE3B9-F951-4AE5-9456-934E15445054",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.11.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEE87D15-DA60-4F89-BCFD-9CAB68111D70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.11.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BD8C1F3-5920-4684-BD05-6FA88EDAB64F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.11.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "60C81865-E1DB-40DA-9BB7-CE32C9EC4561",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.11.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1DC7BA8-ED6D-42C2-87EC-42F85CD276C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.11.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AD99520-DF9D-4012-ADDB-14468FDEFB6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.11.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "780A2EC8-5D4B-40B0-9A5A-EDC020554D47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "78C18997-7086-4BB0-8490-EDB5394951F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "37F280ED-37E3-4AB5-9BF1-AC935D904503",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AC1F6BC-AB75-45F7-B846-D8900A0C690A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "97F5B122-AE6D-479F-BC46-66E3F729A7D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C433B92-DE77-4B44-BE9D-98449FC7BF1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "28132532-C0C7-4EAE-ADAE-3ADA58AE2EC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DA73633-136A-422F-AF77-2C29224C6981",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6310759E-ADFB-4DF4-8D10-4DDC42D29AE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E2B1536-6671-4508-BC7D-6F11408B3CF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA7D7BAB-A2EC-4DD9-A7B8-D5806CD5F306",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "94E85C10-0192-46B4-828D-52BAE6A6F69C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "52AF89AC-A906-479F-85AA-E9D47A83778F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "D60D834F-926B-416B-AB66-FCD7981DDCF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E13A6AAE-BC1B-4CE1-B747-84F9C6B3FF73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DDA1805-ED8A-44AA-96FF-E676D278CCFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBD82EEA-279F-42CA-8F4C-A4D57EEBAB0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "320C2182-DBCF-4564-940A-D12673C73543",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB635DBE-29F1-4055-A064-42539FC811C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "67B77F63-C9AC-42D4-B9E2-4BBE196AC254",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3256288E-5A49-4DCD-AE30-6B4E21AEF970",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "25E764AE-3B7C-4378-97C5-10E835511684",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "49FEFFA5-371E-4B1D-AAAE-C71AEB79A4AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F982F65C-CBF9-4EE6-8FD6-C965141E42C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4BF8152-79A4-48C6-88EB-9D3FA7466844",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9E4DCDE-4D85-4339-99CB-70A464FA2EE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E03AF346-6F4E-4BEA-B29E-9C9C04148843",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "54FAE380-0E7E-4468-A07B-5A9A3504F681",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB4B1021-4D01-4D86-AED4-0418F8839FD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "380686BB-7212-4285-BA00-B8EEAC6E1CC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A331072-326A-4E72-84E2-E0424E6DDE30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB1666DD-AC49-477A-921C-8197F5EFECA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "527B9236-CA4E-42A8-8C7A-2FB92BE2B4B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA9572AC-1D6D-4AA1-AEF0-CB9143F38215",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D6B6D6F-6CD3-43C3-B1EC-18DEC89DFDA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF21D58D-6952-4C72-94C3-32421499AFCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "83403472-4883-4914-846A-3C3E912C5573",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:enterprise_virtualization:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "105130E9-D48E-4FB8-A715-E6438EC7E744",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFBF430B-0832-44B0-AA0E-BA9E467F7668",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a denial of service (read block and hang) via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virConnectCompareCPU or (2) virConnectBaselineCPU API method, related to an XML External Entity (XXE) issue.  NOTE: this issue was SPLIT per ADT3 due to different affected versions of some vectors. CVE-2014-5177 is used for other API methods."
    },
    {
      "lang": "es",
      "value": "libvirt 0.7.5 hasta 1.2.x anterior a 1.2.5 permite a usuarios locales causar una denegaci\u00f3n de servicio (bloqueo de lectura y cuelgue) a trav\u00e9s de un documento XML manipulado que contiene una declaraci\u00f3n de entidad externa XML en conjunto con una referencia de entidad en el m\u00e9todo (1) virConnectCompareCPU o (2) virConnectBaselineCPU API, relacionado con un problema de entidad externa XML (XXE). NOTA: este problema fue dividido (SPLIT) por ADT3 debido a las diferentes versiones afectadas de algunos vectores. CVE-2014-5177 se utiliza para otros m\u00e9todos API."
    }
  ],
  "id": "CVE-2014-0179",
  "lastModified": "2024-11-21T02:01:34.333",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 1.9,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-08-03T18:55:05.630",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://libvirt.org/news.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00048.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00052.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0560.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/60895"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://security.libvirt.org/2014/0003.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2014/dsa-3038"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-2366-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://libvirt.org/news.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00048.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00052.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0560.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/60895"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://security.libvirt.org/2014/0003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2014/dsa-3038"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2366-1"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-06-02 13:15
Modified
2024-11-21 04:55
Summary
A NULL pointer dereference was found in the libvirt API responsible for fetching a storage pool based on its target path; the flaw was introduced in upstream version 3.10.0 and fixed in libvirt 6.0.0. In more detail, this flaw affects storage pools created without a target path such as network-based pools like gluster and RBD. Unprivileged users with a read-only connection could abuse this flaw to crash the libvirt daemon, resulting in a potential denial of service.
References
secalert@redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=1790725 Exploit, Issue Tracking, Vendor Advisory
secalert@redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10703 Issue Tracking, Patch, Vendor Advisory
secalert@redhat.com https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=5d5c732d748d644ec14626bce448e84bdc4bd93e
secalert@redhat.com https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=7aa0e8c0cb8a6293d0c6f7e3d29c13b96dec2129
secalert@redhat.com https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=dfff16a7c261f8d28e3abe60a47165f845fa952f
secalert@redhat.com https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html
secalert@redhat.com https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D5GE6ISYUL3CIWO3FQRUGMKTKP2NYED2/
secalert@redhat.com https://security.netapp.com/advisory/ntap-20200608-0005/
af854a3a-2127-422b-91ae-364da2661108 https://bugzilla.redhat.com/show_bug.cgi?id=1790725 Exploit, Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10703 Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=5d5c732d748d644ec14626bce448e84bdc4bd93e
af854a3a-2127-422b-91ae-364da2661108 https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=7aa0e8c0cb8a6293d0c6f7e3d29c13b96dec2129
af854a3a-2127-422b-91ae-364da2661108 https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=dfff16a7c261f8d28e3abe60a47165f845fa952f
af854a3a-2127-422b-91ae-364da2661108 https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html
af854a3a-2127-422b-91ae-364da2661108 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D5GE6ISYUL3CIWO3FQRUGMKTKP2NYED2/
af854a3a-2127-422b-91ae-364da2661108 https://security.netapp.com/advisory/ntap-20200608-0005/
Impacted products
Vendor Product Version
redhat libvirt *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "89381462-BDEB-4E6B-B9C5-BA552F481B43",
              "versionEndExcluding": "6.0.0",
              "versionStartIncluding": "3.10.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A NULL pointer dereference was found in the libvirt API responsible introduced in upstream version 3.10.0, and fixed in libvirt 6.0.0, for fetching a storage pool based on its target path. In more detail, this flaw affects storage pools created without a target path such as network-based pools like gluster and RBD. Unprivileged users with a read-only connection could abuse this flaw to crash the libvirt daemon, resulting in a potential denial of service."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 una desreferencia del puntero NULL en la API libvirt responsable que la introdujo en la versi\u00f3n anterior a 3.10.0, y corregida en libvirt versi\u00f3n 6.0.0, para extraer un grupo de almacenamiento basado en su ruta de destino. En m\u00e1s detalle, este fallo afecta a los grupos de almacenamiento creados sin una ruta de destino, tales como los grupos basados en red tales como Gluster y RBD. Los usuarios no privilegiados con una conexi\u00f3n de solo lectura podr\u00edan abusar de este fallo para bloquear el demonio de libvirt, resultando en una potencial denegaci\u00f3n de servicio."
    }
  ],
  "id": "CVE-2020-10703",
  "lastModified": "2024-11-21T04:55:53.340",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "secalert@redhat.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-06-02T13:15:10.873",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1790725"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10703"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=5d5c732d748d644ec14626bce448e84bdc4bd93e"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=7aa0e8c0cb8a6293d0c6f7e3d29c13b96dec2129"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=dfff16a7c261f8d28e3abe60a47165f845fa952f"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D5GE6ISYUL3CIWO3FQRUGMKTKP2NYED2/"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://security.netapp.com/advisory/ntap-20200608-0005/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1790725"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10703"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=5d5c732d748d644ec14626bce448e84bdc4bd93e"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=7aa0e8c0cb8a6293d0c6f7e3d29c13b96dec2129"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=dfff16a7c261f8d28e3abe60a47165f845fa952f"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D5GE6ISYUL3CIWO3FQRUGMKTKP2NYED2/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.netapp.com/advisory/ntap-20200608-0005/"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-476"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-476"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-12-12 15:59
Modified
2024-11-21 01:55
Severity ?
Summary
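The remoteClientFreeFunc function in daemon/remote.c in libvirt before 1.1.3, when ACLs are used, does not set an identity, which causes event handler removal to be denied and allows remote attackers to cause a denial of service (use-after-free and crash) by registering an event handler and then closing the connection. Note: the CPE match data in the record below sets "versionEndIncluding" to 1.1.3, whereas this description says "before 1.1.3"; confirm the fixed version against the vendor advisory when scoping affected hosts.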
Impacted products
Vendor Product Version
redhat libvirt *
redhat libvirt 0.0.1
redhat libvirt 0.0.2
redhat libvirt 0.0.3
redhat libvirt 0.0.4
redhat libvirt 0.0.5
redhat libvirt 0.0.6
redhat libvirt 0.1.0
redhat libvirt 0.1.1
redhat libvirt 0.1.3
redhat libvirt 0.1.4
redhat libvirt 0.1.5
redhat libvirt 0.1.6
redhat libvirt 0.1.7
redhat libvirt 0.1.8
redhat libvirt 0.1.9
redhat libvirt 0.2.0
redhat libvirt 0.2.1
redhat libvirt 0.2.2
redhat libvirt 0.2.3
redhat libvirt 0.3.0
redhat libvirt 0.3.1
redhat libvirt 0.3.2
redhat libvirt 0.3.3
redhat libvirt 0.4.0
redhat libvirt 0.4.1
redhat libvirt 0.4.2
redhat libvirt 0.4.3
redhat libvirt 0.4.4
redhat libvirt 0.4.5
redhat libvirt 0.4.6
redhat libvirt 0.5.0
redhat libvirt 0.5.1
redhat libvirt 0.6.0
redhat libvirt 0.6.1
redhat libvirt 0.6.2
redhat libvirt 0.6.3
redhat libvirt 0.6.4
redhat libvirt 0.6.5
redhat libvirt 0.7.0
redhat libvirt 0.7.1
redhat libvirt 0.7.2
redhat libvirt 0.7.3
redhat libvirt 0.7.4
redhat libvirt 0.7.5
redhat libvirt 0.7.6
redhat libvirt 0.7.7
redhat libvirt 0.8.0
redhat libvirt 0.8.1
redhat libvirt 0.8.2
redhat libvirt 0.8.3
redhat libvirt 0.8.4
redhat libvirt 0.8.5
redhat libvirt 0.8.6
redhat libvirt 0.8.7
redhat libvirt 0.8.8
redhat libvirt 0.9.0
redhat libvirt 0.9.1
redhat libvirt 0.9.2
redhat libvirt 0.9.3
redhat libvirt 0.9.4
redhat libvirt 0.9.5
redhat libvirt 0.9.6
redhat libvirt 0.9.6.1
redhat libvirt 0.9.6.2
redhat libvirt 0.9.6.3
redhat libvirt 0.9.7
redhat libvirt 0.9.8
redhat libvirt 0.9.9
redhat libvirt 0.9.10
redhat libvirt 0.9.11
redhat libvirt 0.9.11.1
redhat libvirt 0.9.11.2
redhat libvirt 0.9.11.3
redhat libvirt 0.9.11.4
redhat libvirt 0.9.11.5
redhat libvirt 0.9.11.6
redhat libvirt 0.9.11.7
redhat libvirt 0.9.11.8
redhat libvirt 0.9.12
redhat libvirt 0.9.13
redhat libvirt 0.10.0
redhat libvirt 0.10.1
redhat libvirt 0.10.2
redhat libvirt 0.10.2.1
redhat libvirt 0.10.2.2
redhat libvirt 0.10.2.3
redhat libvirt 0.10.2.4
redhat libvirt 0.10.2.5
redhat libvirt 0.10.2.6
redhat libvirt 0.10.2.7
redhat libvirt 0.10.2.8
redhat libvirt 1.0.0
redhat libvirt 1.0.1
redhat libvirt 1.0.2
redhat libvirt 1.0.3
redhat libvirt 1.0.4
redhat libvirt 1.0.5
redhat libvirt 1.0.5.1
redhat libvirt 1.0.5.2
redhat libvirt 1.0.5.3
redhat libvirt 1.0.5.4
redhat libvirt 1.0.5.5
redhat libvirt 1.0.5.6
redhat libvirt 1.0.6
redhat libvirt 1.1.0
redhat libvirt 1.1.1
redhat libvirt 1.1.2



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D44F33C-B570-4CAA-A4A5-0FED294EFAEE",
              "versionEndIncluding": "1.1.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AFF5EF5-280A-499B-BD63-361EDC49A923",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2A0DD5B-AFDD-4DA4-B19C-2CA73FA9B477",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE616C79-74E0-4876-83D7-BE04CB954F92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "87FF4782-A017-4D6F-9588-BE0AD4AA04E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B7FDA56-4C79-4D79-9EDA-8A936C7D8DE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF62226E-E4FE-4AF5-86A2-344148158A22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C540F8A3-E12A-403B-81D2-CDB28DE03E47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0900588-EBF9-4459-B1D7-588B72E40689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE650A9D-D12D-43C5-B276-B3116CF096F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "359F1970-822B-4430-86EB-15091B2B4338",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D08DB661-40DF-4234-9F6B-2EE0746FAC8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E86D1293-6881-4F9D-B245-E16040921DF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "C49F1101-0845-478F-BEA1-67185A763D37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F1FDF3E-87F8-4CBF-99F8-DBB03C7D2318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA319732-E860-459E-9C20-ED31D90510DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "06B16020-5330-4F99-8DD3-8B4037E22CFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BCA6D83-281F-4B28-9CB2-253614017B5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEBBD0C7-F9D3-48D4-8D76-1FAFFB049300",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C97CB42C-C89F-4BE6-80AC-A020EBF369FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCC2F2D6-90E3-4306-A29A-0A507BDF889C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB533B81-AFF3-442E-A499-555F2181F64D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "53AD34A3-9097-4375-BB30-CAED13987396",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E37E3B-18A8-4D34-9400-2C18D0DBAAAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "36EAE07C-284D-4BEB-ABDF-28C157B3B90B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E28C5275-39D4-4C7C-A064-70161FE35802",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "643D7C4C-6BD9-49CE-A7FD-819300CA955C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "77476F3F-A914-4EC6-9488-189BD9E1AE6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B22C7B3D-169D-45CC-B1C1-9864991B3E05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D6D1F10-2908-42E0-8D8F-1FBBC804505D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC9ABBF2-B1AD-446A-A3D2-E103D1B411A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "450BD95B-5CE1-49E7-B6DB-6C14D9115CC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "508578FC-BDC7-4B44-9F98-BD6CD657F57B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD25F37B-C666-4EDB-AD77-CCE04A800348",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8903EA9-D354-4C9E-B308-653689534AFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F811BE37-6F53-4663-819F-E954787C345B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2886A659-24BD-483B-8FCD-5BC21573EE42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "65FD148D-0088-47D5-AAC1-E0E990F9D170",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "84613074-CFA0-4C0B-B896-0751F652EA71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BCCF73F-8542-4955-ACD6-44F199D49CB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "05C7EF0F-C069-424A-9B3F-D07C72450ADA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F25DF6A-34D5-4D5B-AFAF-7A21202460EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B67C29ED-2975-47F0-AE75-875A380ECC56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC90B806-1FB3-434E-A664-2842AD3BA9CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DCDC5B5-1DD4-4FF4-8AB4-D38F5418B873",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0054B43A-F844-47C8-B03A-01696117B7E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5C78A50-0F41-405C-9ABA-EE088D0ABE60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8322F4E2-0AD0-497B-871E-233C0E0F1490",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E41CEF32-4998-41D5-B971-12E7F4E39FB9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E43FD74C-5986-4E9E-9C4F-9891133084A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D504B27-7BD0-4CB1-B8CA-76B7C537A4C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBFD9B43-52BA-4FF9-84A1-369B1A96A166",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "10EE76EF-44D3-4645-B1E7-5BCFB4CB4204",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "934215BC-33D1-453F-B49B-23B52E580214",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F274792B-F190-4A23-A551-6B07EA4028B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9D67FBC-4009-4FC1-B0CF-AA3C1505C2F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2059834-5A26-4DB9-B400-DBBE15690AAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2F6277D-6732-44BA-91B4-D57877E011BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2553A171-A830-4540-8CC6-51275F72AAEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "61C2C484-7AAB-475C-A44E-6D9DCF597DD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "04A75CCF-28E1-44CC-962C-C56A4F64B370",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0E8A1AF-740A-454C-8019-B52654589603",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F040825C-C457-40A1-A04C-F362289E13F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E04748DC-4F9F-4BC2-A3D7-EAC3B73C5A8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5F45083-97C6-466F-9D67-057DDD08CFD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F906DC41-4724-4F81-9402-4EA3BC3F38A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "3327FB7D-92DB-479F-BF1C-2565C8F1B25C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "48F55C0A-3E6E-4E24-81D7-F023728E486A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACB7C00E-DF4E-40AF-A503-202A2FE03D5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AB4E8A8-2B6C-4287-937B-C67A97EAB67A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "53C3F149-D917-4BB6-B264-F316DD96D2B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "10857CB9-D8B1-4EB4-8D93-E0DCC05F0C35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "153AE3B9-F951-4AE5-9456-934E15445054",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.11.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEE87D15-DA60-4F89-BCFD-9CAB68111D70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.11.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BD8C1F3-5920-4684-BD05-6FA88EDAB64F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.11.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "60C81865-E1DB-40DA-9BB7-CE32C9EC4561",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.11.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1DC7BA8-ED6D-42C2-87EC-42F85CD276C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.11.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AD99520-DF9D-4012-ADDB-14468FDEFB6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.11.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "780A2EC8-5D4B-40B0-9A5A-EDC020554D47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "78C18997-7086-4BB0-8490-EDB5394951F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "37F280ED-37E3-4AB5-9BF1-AC935D904503",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AC1F6BC-AB75-45F7-B846-D8900A0C690A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "97F5B122-AE6D-479F-BC46-66E3F729A7D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C433B92-DE77-4B44-BE9D-98449FC7BF1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "28132532-C0C7-4EAE-ADAE-3ADA58AE2EC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DA73633-136A-422F-AF77-2C29224C6981",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6310759E-ADFB-4DF4-8D10-4DDC42D29AE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E2B1536-6671-4508-BC7D-6F11408B3CF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA7D7BAB-A2EC-4DD9-A7B8-D5806CD5F306",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "94E85C10-0192-46B4-828D-52BAE6A6F69C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "52AF89AC-A906-479F-85AA-E9D47A83778F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "D60D834F-926B-416B-AB66-FCD7981DDCF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E13A6AAE-BC1B-4CE1-B747-84F9C6B3FF73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DDA1805-ED8A-44AA-96FF-E676D278CCFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBD82EEA-279F-42CA-8F4C-A4D57EEBAB0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "320C2182-DBCF-4564-940A-D12673C73543",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB635DBE-29F1-4055-A064-42539FC811C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "67B77F63-C9AC-42D4-B9E2-4BBE196AC254",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3256288E-5A49-4DCD-AE30-6B4E21AEF970",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "25E764AE-3B7C-4378-97C5-10E835511684",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "49FEFFA5-371E-4B1D-AAAE-C71AEB79A4AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F982F65C-CBF9-4EE6-8FD6-C965141E42C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4BF8152-79A4-48C6-88EB-9D3FA7466844",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9E4DCDE-4D85-4339-99CB-70A464FA2EE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E03AF346-6F4E-4BEA-B29E-9C9C04148843",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "54FAE380-0E7E-4468-A07B-5A9A3504F681",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB4B1021-4D01-4D86-AED4-0418F8839FD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "380686BB-7212-4285-BA00-B8EEAC6E1CC9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The remoteClientFreeFunc function in daemon/remote.c in libvirt before 1.1.3, when ACLs are used, does not set an identity, which causes event handler removal to be denied and remote attackers to cause a denial of service (use-after-free and crash) by registering an event handler and then closing the connection."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n remoteClientFreeFunc en daemon/remote.c en libvirt anterior a 1.1.3, cuando ACLs est\u00e1n utilizados, no fija una identidad, lo que causa que la eliminaci\u00f3n del manejador de eventos se deniega y atacantes remotos causan una denegaci\u00f3n de servicio (uso despu\u00e9s de liberaci\u00f3n y ca\u00edda) mediante el registro de un manejador de eventos y posteriormente el cierre de la conexi\u00f3n."
    }
  ],
  "evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/416.html\"\u003eCWE-416: Use After Free\u003c/a\u003e",
  "id": "CVE-2013-4399",
  "lastModified": "2024-11-21T01:55:29.477",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-12-12T15:59:00.070",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=8294aa0c1750dcb49d6345cd9bd97bf421580d8b"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/60895"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://security.libvirt.org/2013/0013.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/62972"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=8294aa0c1750dcb49d6345cd9bd97bf421580d8b"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/60895"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://security.libvirt.org/2013/0013.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/62972"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-12-09 16:36
Modified
2024-11-21 01:55
Severity ?
Summary
virt-login-shell in libvirt 1.1.2 through 1.1.3 allows local users to overwrite arbitrary files and possibly gain privileges via unspecified environment variables or command-line arguments.
References
secalert@redhat.com http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=3e2f27e13b94f7302ad948bcacb5e02c859a25fc
secalert@redhat.com http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=8c3586ea755c40d5e01b22cb7b5c1e668cdec994
secalert@redhat.com http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=b7fcc799ad5d8f3e55b89b94e599903e3c092467
secalert@redhat.com http://lists.fedoraproject.org/pipermail/package-announce/2013-November/121370.html
secalert@redhat.com http://secunia.com/advisories/60895
secalert@redhat.com http://security.gentoo.org/glsa/glsa-201412-04.xml
secalert@redhat.com http://wiki.libvirt.org/page/Maintenance_Releases
secalert@redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=1015228 (tag: Patch)
af854a3a-2127-422b-91ae-364da2661108 http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=3e2f27e13b94f7302ad948bcacb5e02c859a25fc
af854a3a-2127-422b-91ae-364da2661108 http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=8c3586ea755c40d5e01b22cb7b5c1e668cdec994
af854a3a-2127-422b-91ae-364da2661108 http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=b7fcc799ad5d8f3e55b89b94e599903e3c092467
af854a3a-2127-422b-91ae-364da2661108 http://lists.fedoraproject.org/pipermail/package-announce/2013-November/121370.html
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/60895
af854a3a-2127-422b-91ae-364da2661108 http://security.gentoo.org/glsa/glsa-201412-04.xml
af854a3a-2127-422b-91ae-364da2661108 http://wiki.libvirt.org/page/Maintenance_Releases
af854a3a-2127-422b-91ae-364da2661108 https://bugzilla.redhat.com/show_bug.cgi?id=1015228 (tag: Patch)
Impacted products
Vendor Product Version
redhat libvirt 1.1.2
redhat libvirt 1.1.3



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "380686BB-7212-4285-BA00-B8EEAC6E1CC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A331072-326A-4E72-84E2-E0424E6DDE30",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "virt-login-shell in libvirt 1.1.2 through 1.1.3 allows local users to overwrite arbitrary files and possibly gain privileges via unspecified environment variables or command-line arguments."
    },
    {
      "lang": "es",
      "value": "virt-login-shell en libvirt v1.1.2 hasta v1.1.3 permite a usuarios locales sobreescribir ficheros aleatorios y posiblemente obtener privilegios a trav\u00e9s de variables de entorno no especificadas o argumentos de l\u00ednea de comandos."
    }
  ],
  "id": "CVE-2013-4400",
  "lastModified": "2024-11-21T01:55:29.617",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-12-09T16:36:46.520",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=3e2f27e13b94f7302ad948bcacb5e02c859a25fc"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=8c3586ea755c40d5e01b22cb7b5c1e668cdec994"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=b7fcc799ad5d8f3e55b89b94e599903e3c092467"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-November/121370.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/60895"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://wiki.libvirt.org/page/Maintenance_Releases"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1015228"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=3e2f27e13b94f7302ad948bcacb5e02c859a25fc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=8c3586ea755c40d5e01b22cb7b5c1e668cdec994"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=b7fcc799ad5d8f3e55b89b94e599903e3c092467"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-November/121370.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/60895"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://wiki.libvirt.org/page/Maintenance_Releases"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1015228"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-05-27 20:15
Modified
2024-11-21 05:02
Summary
An information disclosure vulnerability was found in libvirt in versions before 6.3.0. HTTP cookies used to access network-based disks were saved in the XML dump of the guest domain. This flaw allows an attacker to access potentially sensitive information in the domain configuration via the `dumpxml` command.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "46A95446-54AF-4098-9167-39FDC9BC6BDA",
              "versionEndExcluding": "6.3.0",
              "versionStartIncluding": "6.2.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E3F09B5-569F-4C58-9FCA-3C0953D107B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "87C21FE1-EA5C-498F-9C6C-D05F91A88217",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C9BD9AE-46FC-4609-8D99-A3CFE91D58D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "47811209-5CE5-4375-8391-B0A7F6A0E420",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "983533DD-3970-4A37-9A9C-582BD48AA1E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E28F226A-CBC7-4A32-BE58-398FA5B42481",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "22D095ED-9247-4133-A133-73B7668565E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC6DD887-9744-43EA-8B3C-44C6B6339590",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_tus:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF14A415-15BD-4A6C-87CF-675E09390474",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7CF3019-975D-40BB-A8A4-894E62BD3797",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:codeready_linux_builder:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CD81C46-328B-412D-AF4E-68A2AD2F1A73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E3F09B5-569F-4C58-9FCA-3C0953D107B5",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "87C21FE1-EA5C-498F-9C6C-D05F91A88217",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C9BD9AE-46FC-4609-8D99-A3CFE91D58D1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "47811209-5CE5-4375-8391-B0A7F6A0E420",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "983533DD-3970-4A37-9A9C-582BD48AA1E5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An information disclosure vulnerability was found in libvirt in versions before 6.3.0. HTTP cookies used to access network-based disks were saved in the XML dump of the guest domain. This flaw allows an attacker to access potentially sensitive information in the domain configuration via the `dumpxml` command."
    },
    {
      "lang": "es",
      "value": "Se encontr\u00f3 una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en libvirt en versiones anteriores a 6.3.0. Las cookies HTTP usadas para acceder a los discos basados en la red fueron guardadas en el XML dump del dominio invitado. Este fallo permite a un atacante acceder a informaci\u00f3n potencialmente confidencial en la configuraci\u00f3n del dominio por medio del comando \"dumpxml\""
    }
  ],
  "id": "CVE-2020-14301",
  "lastModified": "2024-11-21T05:02:57.587",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-05-27T20:15:07.727",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848640"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20210629-0007/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848640"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20210629-0007/"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-212"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-03-27 13:29
Modified
2024-11-21 04:42
Summary
A NULL pointer dereference flaw was discovered in libvirt before version 5.0.0 in the way it gets interface information through the QEMU agent. An attacker in a guest VM can use this flaw to crash libvirtd and cause a denial of service.
References
secalert@redhat.com: http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00101.html [Mailing List, Third Party Advisory]
secalert@redhat.com: http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00105.html [Mailing List, Third Party Advisory]
secalert@redhat.com: https://access.redhat.com/errata/RHSA-2019:2294
secalert@redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=1663051 [Exploit, Issue Tracking, Third Party Advisory, Vendor Advisory]
secalert@redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3840 [Exploit, Issue Tracking, Patch, Vendor Advisory]
secalert@redhat.com: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TZRP2BRMI4RYFRPNFTTIAAUOGVN2ORP7/
secalert@redhat.com: https://www.redhat.com/archives/libvir-list/2019-January/msg00241.html [Exploit, Vendor Advisory]
af854a3a-2127-422b-91ae-364da2661108: http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00101.html [Mailing List, Third Party Advisory]
af854a3a-2127-422b-91ae-364da2661108: http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00105.html [Mailing List, Third Party Advisory]
af854a3a-2127-422b-91ae-364da2661108: https://access.redhat.com/errata/RHSA-2019:2294
af854a3a-2127-422b-91ae-364da2661108: https://bugzilla.redhat.com/show_bug.cgi?id=1663051 [Exploit, Issue Tracking, Third Party Advisory, Vendor Advisory]
af854a3a-2127-422b-91ae-364da2661108: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3840 [Exploit, Issue Tracking, Patch, Vendor Advisory]
af854a3a-2127-422b-91ae-364da2661108: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TZRP2BRMI4RYFRPNFTTIAAUOGVN2ORP7/
af854a3a-2127-422b-91ae-364da2661108: https://www.redhat.com/archives/libvir-list/2019-January/msg00241.html [Exploit, Vendor Advisory]
Impacted products
Vendor Product Version
redhat libvirt *
opensuse leap 15.0
opensuse leap 42.3



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "11217A48-ED11-477A-8371-9F9A3843114A",
              "versionEndExcluding": "5.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A NULL pointer dereference flaw was discovered in libvirt before version 5.0.0 in the way it gets interface information through the QEMU agent. An attacker in a guest VM can use this flaw to crash libvirtd and cause a denial of service."
    },
    {
      "lang": "es",
      "value": "Se ha descubierto un error de desreferencia de puntero NULL en libvirt, en versiones anteriores a la 5.0.0, en la forma en la que obtiene informaci\u00f3n de la interfaz mediante el agente QEMU. Un atacante en una m\u00e1quina virtual invitada puede emplear este error para provocar el cierre inesperado de libvirtd y provocar una denegaci\u00f3n de servicio (DoS)."
    }
  ],
  "id": "CVE-2019-3840",
  "lastModified": "2024-11-21T04:42:40.563",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 5.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.3,
        "impactScore": 4.0,
        "source": "secalert@redhat.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 4.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-03-27T13:29:01.680",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00101.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00105.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2019:2294"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Third Party Advisory",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1663051"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3840"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TZRP2BRMI4RYFRPNFTTIAAUOGVN2ORP7/"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://www.redhat.com/archives/libvir-list/2019-January/msg00241.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00101.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00105.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2019:2294"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Third Party Advisory",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1663051"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3840"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TZRP2BRMI4RYFRPNFTTIAAUOGVN2ORP7/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://www.redhat.com/archives/libvir-list/2019-January/msg00241.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-476"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-476"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-05-29 00:55
Modified
2024-11-21 01:50
Severity ?
Summary
The remoteDispatchStoragePoolListAllVolumes function in the storage pool manager in libvirt 1.0.5 allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of requests "to list all volumes for the particular pool."
References
secalert@redhat.com: http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=ca697e90d5bd6a6dfb94bfb6d4438bdf9a44b739
secalert@redhat.com: http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106906.html
secalert@redhat.com: http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106921.html
secalert@redhat.com: http://lists.opensuse.org/opensuse-updates/2013-06/msg00022.html
secalert@redhat.com: http://osvdb.org/93451
secalert@redhat.com: http://rhn.redhat.com/errata/RHSA-2013-0831.html [Vendor Advisory]
secalert@redhat.com: http://secunia.com/advisories/53440 [Vendor Advisory]
secalert@redhat.com: http://secunia.com/advisories/53475 [Vendor Advisory]
secalert@redhat.com: http://www.openwall.com/lists/oss-security/2013/05/16/9
secalert@redhat.com: http://www.securityfocus.com/bid/59937
secalert@redhat.com: http://www.securitytracker.com/id/1028577
secalert@redhat.com: http://www.ubuntu.com/usn/USN-1895-1
secalert@redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=953107
secalert@redhat.com: https://exchange.xforce.ibmcloud.com/vulnerabilities/84341
secalert@redhat.com: https://www.redhat.com/archives/libvir-list/2013-May/msg01222.html
af854a3a-2127-422b-91ae-364da2661108: http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=ca697e90d5bd6a6dfb94bfb6d4438bdf9a44b739
af854a3a-2127-422b-91ae-364da2661108: http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106906.html
af854a3a-2127-422b-91ae-364da2661108: http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106921.html
af854a3a-2127-422b-91ae-364da2661108: http://lists.opensuse.org/opensuse-updates/2013-06/msg00022.html
af854a3a-2127-422b-91ae-364da2661108: http://osvdb.org/93451
af854a3a-2127-422b-91ae-364da2661108: http://rhn.redhat.com/errata/RHSA-2013-0831.html [Vendor Advisory]
af854a3a-2127-422b-91ae-364da2661108: http://secunia.com/advisories/53440 [Vendor Advisory]
af854a3a-2127-422b-91ae-364da2661108: http://secunia.com/advisories/53475 [Vendor Advisory]
af854a3a-2127-422b-91ae-364da2661108: http://www.openwall.com/lists/oss-security/2013/05/16/9
af854a3a-2127-422b-91ae-364da2661108: http://www.securityfocus.com/bid/59937
af854a3a-2127-422b-91ae-364da2661108: http://www.securitytracker.com/id/1028577
af854a3a-2127-422b-91ae-364da2661108: http://www.ubuntu.com/usn/USN-1895-1
af854a3a-2127-422b-91ae-364da2661108: https://bugzilla.redhat.com/show_bug.cgi?id=953107
af854a3a-2127-422b-91ae-364da2661108: https://exchange.xforce.ibmcloud.com/vulnerabilities/84341
af854a3a-2127-422b-91ae-364da2661108: https://www.redhat.com/archives/libvir-list/2013-May/msg01222.html
Impacted products
Vendor Product Version
redhat libvirt 1.0.5



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "67B77F63-C9AC-42D4-B9E2-4BBE196AC254",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The remoteDispatchStoragePoolListAllVolumes function in the storage pool manager in libvirt 1.0.5 allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of requests \"to list all volumes for the particular pool.\""
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n remoteDispatchStoragePoolListAllVolumes en el gestor del \"pool\" de almacenamiento en libvirt v1.0.5 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo del descriptor de archivo) a trav\u00e9s de un gran n\u00famero de solicitudes para mostrar todos los vol\u00famenes de determinado \"pool\""
    }
  ],
  "id": "CVE-2013-1962",
  "lastModified": "2024-11-21T01:50:45.450",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-05-29T00:55:01.057",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=ca697e90d5bd6a6dfb94bfb6d4438bdf9a44b739"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106906.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106921.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00022.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://osvdb.org/93451"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0831.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/53440"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/53475"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2013/05/16/9"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/59937"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id/1028577"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-1895-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=953107"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84341"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.redhat.com/archives/libvir-list/2013-May/msg01222.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=ca697e90d5bd6a6dfb94bfb6d4438bdf9a44b739"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106906.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106921.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/93451"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0831.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/53440"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/53475"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2013/05/16/9"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/59937"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1028577"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-1895-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=953107"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84341"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/libvir-list/2013-May/msg01222.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-04-14 15:59
Modified
2024-11-21 02:32
Summary
The virStorageVolCreateXML API in libvirt 1.2.14 through 1.2.19 allows remote authenticated users with a read-write connection to cause a denial of service (libvirtd crash) by triggering a failed unlink after creating a volume on a root_squash NFS pool.
Impacted products
Vendor Product Version
redhat libvirt 1.2.14
redhat libvirt 1.2.15
redhat libvirt 1.2.16
redhat libvirt 1.2.17
redhat libvirt 1.2.18
redhat libvirt 1.2.19
canonical ubuntu_linux 12.04
canonical ubuntu_linux 14.04
canonical ubuntu_linux 15.04
canonical ubuntu_linux 15.10



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.2.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "57AFB8C5-5798-4029-81CE-E56AD2DB34D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.2.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCF25808-E322-43C1-8BB4-F233787DAAF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.2.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "32836083-B8C3-48C3-B2BB-5C752BC048C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.2.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "26DF8FF3-4261-460A-81D1-D0F9CC8A1E8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.2.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E6F0C3B-64A3-497D-9150-F71D499D4CE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.2.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F84E1F2-52A9-43C8-A784-603CF03E0078",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "F38D3B7E-8429-473F-BB31-FC3583EE5A5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The virStorageVolCreateXML API in libvirt 1.2.14 through 1.2.19 allows remote authenticated users with a read-write connection to cause a denial of service (libvirtd crash) by triggering a failed unlink after creating a volume on a root_squash NFS pool."
    },
    {
      "lang": "es",
      "value": "La API virStorageVolCreateXML en libvirt 1.2.14 hasta la versi\u00f3n 1.2.19 permite a usuarios remotos autenticados con una conexi\u00f3n de lectura-escritura causar una denegaci\u00f3n de servicio (ca\u00edda de libvirtd) desencadenando una desvinculaci\u00f3n fallida despu\u00e9s de crear un volumen en un pool NFS root_squash."
    }
  ],
  "id": "CVE-2015-5247",
  "lastModified": "2024-11-21T02:32:38.533",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-04-14T15:59:01.090",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://security.libvirt.org/2015/0003.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-2867-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://security.libvirt.org/2015/0003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2867-1"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2011-03-15 17:55
Modified
2024-11-21 01:25
Severity ?
Summary
libvirt.c in the API in Red Hat libvirt 0.8.8 does not properly restrict operations in a read-only connection, which allows remote attackers to cause a denial of service (host OS crash) or possibly execute arbitrary code via a (1) virNodeDeviceDettach, (2) virNodeDeviceReset, (3) virDomainRevertToSnapshot, (4) virDomainSnapshotDelete, (5) virNodeDeviceReAttach, or (6) virConnectDomainXMLToNative call, a different vulnerability than CVE-2008-5086.
References
secalert@redhat.com | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=617773 | Patch
secalert@redhat.com | http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=71753cb7f7a16ff800381c0b5ee4e99eea92fed3
secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056209.html
secalert@redhat.com | http://lists.opensuse.org/opensuse-updates/2011-04/msg00022.html
secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/09/3 | Patch
secalert@redhat.com | http://openwall.com/lists/oss-security/2011/03/10/5 | Patch
secalert@redhat.com | http://secunia.com/advisories/43670 | Vendor Advisory
secalert@redhat.com | http://secunia.com/advisories/43780
secalert@redhat.com | http://secunia.com/advisories/43897
secalert@redhat.com | http://secunia.com/advisories/43917
secalert@redhat.com | http://secunia.com/advisories/44069
secalert@redhat.com | http://www.debian.org/security/2011/dsa-2194
secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2011-0391.html
secalert@redhat.com | http://www.securityfocus.com/bid/46820
secalert@redhat.com | http://www.securitytracker.com/id?1025262
secalert@redhat.com | http://www.ubuntu.com/usn/USN-1094-1
secalert@redhat.com | http://www.vupen.com/english/advisories/2011/0694
secalert@redhat.com | http://www.vupen.com/english/advisories/2011/0700
secalert@redhat.com | http://www.vupen.com/english/advisories/2011/0794
secalert@redhat.com | http://www.vupen.com/english/advisories/2011/0805
secalert@redhat.com | https://bugzilla.novell.com/show_bug.cgi?id=678406
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=683650 | Patch
secalert@redhat.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/66012
af854a3a-2127-422b-91ae-364da2661108 | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=617773 | Patch
af854a3a-2127-422b-91ae-364da2661108 | http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=71753cb7f7a16ff800381c0b5ee4e99eea92fed3
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056209.html
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2011-04/msg00022.html
af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/09/3 | Patch
af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/03/10/5 | Patch
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/43670 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/43780
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/43897
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/43917
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/44069
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2011/dsa-2194
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2011-0391.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/46820
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1025262
af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-1094-1
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2011/0694
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2011/0700
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2011/0794
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2011/0805
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.novell.com/show_bug.cgi?id=678406
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=683650 | Patch
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/66012
Impacted products
Vendor Product Version
redhat libvirt 0.8.8



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9D67FBC-4009-4FC1-B0CF-AA3C1505C2F4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "libvirt.c in the API in Red Hat libvirt 0.8.8 does not properly restrict operations in a read-only connection, which allows remote attackers to cause a denial of service (host OS crash) or possibly execute arbitrary code via a (1) virNodeDeviceDettach, (2) virNodeDeviceReset, (3) virDomainRevertToSnapshot, (4) virDomainSnapshotDelete, (5) virNodeDeviceReAttach, or (6) virConnectDomainXMLToNative call, a different vulnerability than CVE-2008-5086."
    },
    {
      "lang": "es",
      "value": "libvirt.c en la API de Red Hat libvirt v0.8.8 no restringe correctamente las operaciones en una conexi\u00f3n de solo lectura, lo que podr\u00eda permitir a atacantes remotos provocar una denegaci\u00f3n de servicio (caida del sistema operativo) o posiblemente ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una llamada (1) virNodeDeviceDettach, (2) virNodeDeviceReset, (3) virDomainRevertToSnapshot, (4) virDomainSnapshotDelete, (5) virNodeDeviceReAttach, o (6) virConnectDomainXMLToNative, una vulnerabilidad diferente de CVE-2008-5086."
    }
  ],
  "id": "CVE-2011-1146",
  "lastModified": "2024-11-21T01:25:39.653",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.9,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-03-15T17:55:05.263",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=617773"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=71753cb7f7a16ff800381c0b5ee4e99eea92fed3"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056209.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2011-04/msg00022.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://openwall.com/lists/oss-security/2011/03/09/3"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://openwall.com/lists/oss-security/2011/03/10/5"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/43670"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/43780"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/43897"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/43917"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/44069"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2011/dsa-2194"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2011-0391.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/46820"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id?1025262"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-1094-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2011/0694"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2011/0700"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2011/0794"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2011/0805"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.novell.com/show_bug.cgi?id=678406"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=683650"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66012"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=617773"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=71753cb7f7a16ff800381c0b5ee4e99eea92fed3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056209.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2011-04/msg00022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://openwall.com/lists/oss-security/2011/03/09/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://openwall.com/lists/oss-security/2011/03/10/5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/43670"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/43780"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/43897"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/43917"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/44069"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2011/dsa-2194"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2011-0391.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/46820"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1025262"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-1094-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2011/0694"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2011/0700"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2011/0794"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2011/0805"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.novell.com/show_bug.cgi?id=678406"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=683650"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66012"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-04-15 23:55
Modified
2024-11-21 01:59
Severity ?
Summary
The LXC driver (lxc/lxc_driver.c) in libvirt 1.0.1 through 1.2.1 allows local users to (1) delete arbitrary host devices via the virDomainDeviceDettach API and a symlink attack on /dev in the container; (2) create arbitrary nodes (mknod) via the virDomainDeviceAttach API and a symlink attack on /dev in the container; and cause a denial of service (shutdown or reboot host OS) via the (3) virDomainShutdown or (4) virDomainReboot API and a symlink attack on /dev/initctl in the container, related to "paths under /proc/$PID/root" and the virInitctlSetRunLevel function.
References
secalert@redhat.com | http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=5fc590ad9f4
secalert@redhat.com | http://libvirt.org/news.html
secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129199.html
secalert@redhat.com | http://lists.opensuse.org/opensuse-updates/2014-05/msg00004.html
secalert@redhat.com | http://secunia.com/advisories/56187 | Vendor Advisory
secalert@redhat.com | http://secunia.com/advisories/56215 | Vendor Advisory
secalert@redhat.com | http://secunia.com/advisories/60895
secalert@redhat.com | http://security.gentoo.org/glsa/glsa-201412-04.xml
secalert@redhat.com | http://security.libvirt.org/2013/0018.html | Vendor Advisory
secalert@redhat.com | http://www.securityfocus.com/bid/65743
secalert@redhat.com | https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732394
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1045643
af854a3a-2127-422b-91ae-364da2661108 | http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=5fc590ad9f4
af854a3a-2127-422b-91ae-364da2661108 | http://libvirt.org/news.html
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129199.html
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2014-05/msg00004.html
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/56187 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/56215 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/60895
af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-201412-04.xml
af854a3a-2127-422b-91ae-364da2661108 | http://security.libvirt.org/2013/0018.html | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/65743
af854a3a-2127-422b-91ae-364da2661108 | https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732394
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1045643
Impacted products
Vendor Product Version
redhat libvirt 1.0.1
redhat libvirt 1.0.2
redhat libvirt 1.0.3
redhat libvirt 1.0.4
redhat libvirt 1.0.5
redhat libvirt 1.0.5.1
redhat libvirt 1.0.5.2
redhat libvirt 1.0.5.3
redhat libvirt 1.0.5.4
redhat libvirt 1.0.5.5
redhat libvirt 1.0.5.6
redhat libvirt 1.0.6
redhat libvirt 1.1.0
redhat libvirt 1.1.1
redhat libvirt 1.1.2
redhat libvirt 1.1.3
redhat libvirt 1.1.4
redhat libvirt 1.2.0
redhat libvirt 1.2.1
fedoraproject fedora 20



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DDA1805-ED8A-44AA-96FF-E676D278CCFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBD82EEA-279F-42CA-8F4C-A4D57EEBAB0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "320C2182-DBCF-4564-940A-D12673C73543",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB635DBE-29F1-4055-A064-42539FC811C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "67B77F63-C9AC-42D4-B9E2-4BBE196AC254",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3256288E-5A49-4DCD-AE30-6B4E21AEF970",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "25E764AE-3B7C-4378-97C5-10E835511684",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "49FEFFA5-371E-4B1D-AAAE-C71AEB79A4AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F982F65C-CBF9-4EE6-8FD6-C965141E42C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4BF8152-79A4-48C6-88EB-9D3FA7466844",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9E4DCDE-4D85-4339-99CB-70A464FA2EE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E03AF346-6F4E-4BEA-B29E-9C9C04148843",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "54FAE380-0E7E-4468-A07B-5A9A3504F681",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB4B1021-4D01-4D86-AED4-0418F8839FD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "380686BB-7212-4285-BA00-B8EEAC6E1CC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A331072-326A-4E72-84E2-E0424E6DDE30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB1666DD-AC49-477A-921C-8197F5EFECA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "527B9236-CA4E-42A8-8C7A-2FB92BE2B4B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA9572AC-1D6D-4AA1-AEF0-CB9143F38215",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF47C9F0-D8DA-4B55-89EB-9B2C9383ADB9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The LXC driver (lxc/lxc_driver.c) in libvirt 1.0.1 through 1.2.1 allows local users to (1) delete arbitrary host devices via the virDomainDeviceDettach API and a symlink attack on /dev in the container; (2) create arbitrary nodes (mknod) via the virDomainDeviceAttach API and a symlink attack on /dev in the container; and cause a denial of service (shutdown or reboot host OS) via the (3) virDomainShutdown or (4) virDomainReboot API and a symlink attack on /dev/initctl in the container, related to \"paths under /proc/$PID/root\" and the virInitctlSetRunLevel function."
    },
    {
      "lang": "es",
      "value": "El controlador LXC (lxc/lxc_driver.c) en libvirt 1.0.1 hasta 1.2.1 permite a usuarios locales  (1) borrar dispositivos arbitrarios a trav\u00e9s de API virDomainDeviceDettach y un ataque symlink en /dev en el contenedor; (2)  crear nodos arbitrarios (mknod) a trav\u00e9s de la API virDomainDeviceAttach y un ataque symlink en /dev en el contenedor; y  causar una denegaci\u00f3n de servicio (apagado o reinicio del sistema operativo del host) a trav\u00e9s de (3) virDomainShutdown o (4) virDomainReboot API y a un ataque symlink en /dev/initctl en el contenedor, relacionado con \"rutas contenidas en /proc/$PID/root\" y la funci\u00f3n virInitctlSetRunLevel.\n"
    }
  ],
  "id": "CVE-2013-6456",
  "lastModified": "2024-11-21T01:59:16.070",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 5.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:A/AC:M/Au:S/C:N/I:P/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 4.4,
        "impactScore": 7.8,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-04-15T23:55:08.547",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=5fc590ad9f4"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://libvirt.org/news.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129199.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00004.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/56187"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/56215"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/60895"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://security.libvirt.org/2013/0018.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/65743"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732394"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1045643"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=5fc590ad9f4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://libvirt.org/news.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129199.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/56187"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/56215"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/60895"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://security.libvirt.org/2013/0018.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/65743"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732394"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1045643"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-59"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-09-30 21:55
Modified
2024-11-21 01:57
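Severity
MEDIUM (CVSS v2.0 base score 5.0, vector AV:N/AC:L/Au:N/C:N/I:N/A:P, as scored by nvd@nist.gov in the record below)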
Summary
The virBitmapParse function in util/virbitmap.c in libvirt before 1.1.2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a crafted bitmap, as demonstrated by a large nodeset value to numatune.
Impacted products
Vendor Product Version
redhat libvirt * (all versions up to and including 1.1.1, per versionEndIncluding in the record below)
redhat libvirt 0.0.1
redhat libvirt 0.0.2
redhat libvirt 0.0.3
redhat libvirt 0.0.4
redhat libvirt 0.0.5
redhat libvirt 0.0.6
redhat libvirt 0.1.0
redhat libvirt 0.1.1
redhat libvirt 0.1.3
redhat libvirt 0.1.4
redhat libvirt 0.1.5
redhat libvirt 0.1.6
redhat libvirt 0.1.7
redhat libvirt 0.1.8
redhat libvirt 0.1.9
redhat libvirt 0.2.0
redhat libvirt 0.2.1
redhat libvirt 0.2.2
redhat libvirt 0.2.3
redhat libvirt 0.3.0
redhat libvirt 0.3.1
redhat libvirt 0.3.2
redhat libvirt 0.3.3
redhat libvirt 0.4.0
redhat libvirt 0.4.1
redhat libvirt 0.4.2
redhat libvirt 0.4.3
redhat libvirt 0.4.4
redhat libvirt 0.4.5
redhat libvirt 0.4.6
redhat libvirt 0.5.0
redhat libvirt 0.5.1
redhat libvirt 0.6.0
redhat libvirt 0.6.1
redhat libvirt 0.6.2
redhat libvirt 0.6.3
redhat libvirt 0.6.4
redhat libvirt 0.6.5
redhat libvirt 0.7.0
redhat libvirt 0.7.1
redhat libvirt 0.7.2
redhat libvirt 0.7.3
redhat libvirt 0.7.4
redhat libvirt 0.7.5
redhat libvirt 0.7.6
redhat libvirt 0.7.7
redhat libvirt 0.8.0
redhat libvirt 0.8.1
redhat libvirt 0.8.2
redhat libvirt 0.8.3
redhat libvirt 0.8.4
redhat libvirt 0.8.5
redhat libvirt 0.8.6
redhat libvirt 0.8.7
redhat libvirt 0.8.8
redhat libvirt 0.9.0
redhat libvirt 0.9.1
redhat libvirt 0.9.2
redhat libvirt 0.9.3
redhat libvirt 0.9.4
redhat libvirt 0.9.5
redhat libvirt 0.9.6
redhat libvirt 0.9.6.1
redhat libvirt 0.9.6.2
redhat libvirt 0.9.6.3
redhat libvirt 0.9.7
redhat libvirt 0.9.8
redhat libvirt 0.9.9
redhat libvirt 0.9.10
redhat libvirt 0.9.11
redhat libvirt 0.9.11.1
redhat libvirt 0.9.11.2
redhat libvirt 0.9.11.3
redhat libvirt 0.9.11.4
redhat libvirt 0.9.11.5
redhat libvirt 0.9.11.6
redhat libvirt 0.9.11.7
redhat libvirt 0.9.11.8
redhat libvirt 0.9.12
redhat libvirt 0.9.13
redhat libvirt 0.10.0
redhat libvirt 0.10.1
redhat libvirt 0.10.2
redhat libvirt 0.10.2.1
redhat libvirt 0.10.2.2
redhat libvirt 0.10.2.3
redhat libvirt 0.10.2.4
redhat libvirt 0.10.2.5
redhat libvirt 0.10.2.6
redhat libvirt 0.10.2.7
redhat libvirt 0.10.2.8
redhat libvirt 1.0.0
redhat libvirt 1.0.1
redhat libvirt 1.0.2
redhat libvirt 1.0.3
redhat libvirt 1.0.4
redhat libvirt 1.0.5
redhat libvirt 1.0.5.1
redhat libvirt 1.0.5.2
redhat libvirt 1.0.5.3
redhat libvirt 1.0.5.4
redhat libvirt 1.0.5.5
redhat libvirt 1.0.5.6
redhat libvirt 1.0.6
redhat libvirt 1.1.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D5F40A1-DE55-47FC-B223-BAB76885A8AC",
              "versionEndIncluding": "1.1.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AFF5EF5-280A-499B-BD63-361EDC49A923",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2A0DD5B-AFDD-4DA4-B19C-2CA73FA9B477",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE616C79-74E0-4876-83D7-BE04CB954F92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "87FF4782-A017-4D6F-9588-BE0AD4AA04E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B7FDA56-4C79-4D79-9EDA-8A936C7D8DE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF62226E-E4FE-4AF5-86A2-344148158A22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C540F8A3-E12A-403B-81D2-CDB28DE03E47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0900588-EBF9-4459-B1D7-588B72E40689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE650A9D-D12D-43C5-B276-B3116CF096F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "359F1970-822B-4430-86EB-15091B2B4338",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D08DB661-40DF-4234-9F6B-2EE0746FAC8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E86D1293-6881-4F9D-B245-E16040921DF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "C49F1101-0845-478F-BEA1-67185A763D37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F1FDF3E-87F8-4CBF-99F8-DBB03C7D2318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA319732-E860-459E-9C20-ED31D90510DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "06B16020-5330-4F99-8DD3-8B4037E22CFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BCA6D83-281F-4B28-9CB2-253614017B5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEBBD0C7-F9D3-48D4-8D76-1FAFFB049300",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C97CB42C-C89F-4BE6-80AC-A020EBF369FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCC2F2D6-90E3-4306-A29A-0A507BDF889C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB533B81-AFF3-442E-A499-555F2181F64D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "53AD34A3-9097-4375-BB30-CAED13987396",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E37E3B-18A8-4D34-9400-2C18D0DBAAAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "36EAE07C-284D-4BEB-ABDF-28C157B3B90B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E28C5275-39D4-4C7C-A064-70161FE35802",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "643D7C4C-6BD9-49CE-A7FD-819300CA955C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "77476F3F-A914-4EC6-9488-189BD9E1AE6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B22C7B3D-169D-45CC-B1C1-9864991B3E05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D6D1F10-2908-42E0-8D8F-1FBBC804505D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC9ABBF2-B1AD-446A-A3D2-E103D1B411A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "450BD95B-5CE1-49E7-B6DB-6C14D9115CC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "508578FC-BDC7-4B44-9F98-BD6CD657F57B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD25F37B-C666-4EDB-AD77-CCE04A800348",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8903EA9-D354-4C9E-B308-653689534AFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F811BE37-6F53-4663-819F-E954787C345B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2886A659-24BD-483B-8FCD-5BC21573EE42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "65FD148D-0088-47D5-AAC1-E0E990F9D170",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "84613074-CFA0-4C0B-B896-0751F652EA71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BCCF73F-8542-4955-ACD6-44F199D49CB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "05C7EF0F-C069-424A-9B3F-D07C72450ADA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F25DF6A-34D5-4D5B-AFAF-7A21202460EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B67C29ED-2975-47F0-AE75-875A380ECC56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC90B806-1FB3-434E-A664-2842AD3BA9CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DCDC5B5-1DD4-4FF4-8AB4-D38F5418B873",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0054B43A-F844-47C8-B03A-01696117B7E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5C78A50-0F41-405C-9ABA-EE088D0ABE60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8322F4E2-0AD0-497B-871E-233C0E0F1490",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E41CEF32-4998-41D5-B971-12E7F4E39FB9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E43FD74C-5986-4E9E-9C4F-9891133084A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D504B27-7BD0-4CB1-B8CA-76B7C537A4C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBFD9B43-52BA-4FF9-84A1-369B1A96A166",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "10EE76EF-44D3-4645-B1E7-5BCFB4CB4204",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "934215BC-33D1-453F-B49B-23B52E580214",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F274792B-F190-4A23-A551-6B07EA4028B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9D67FBC-4009-4FC1-B0CF-AA3C1505C2F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2059834-5A26-4DB9-B400-DBBE15690AAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2F6277D-6732-44BA-91B4-D57877E011BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2553A171-A830-4540-8CC6-51275F72AAEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "61C2C484-7AAB-475C-A44E-6D9DCF597DD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "04A75CCF-28E1-44CC-962C-C56A4F64B370",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0E8A1AF-740A-454C-8019-B52654589603",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F040825C-C457-40A1-A04C-F362289E13F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E04748DC-4F9F-4BC2-A3D7-EAC3B73C5A8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5F45083-97C6-466F-9D67-057DDD08CFD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F906DC41-4724-4F81-9402-4EA3BC3F38A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "3327FB7D-92DB-479F-BF1C-2565C8F1B25C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "48F55C0A-3E6E-4E24-81D7-F023728E486A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACB7C00E-DF4E-40AF-A503-202A2FE03D5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AB4E8A8-2B6C-4287-937B-C67A97EAB67A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "53C3F149-D917-4BB6-B264-F316DD96D2B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "10857CB9-D8B1-4EB4-8D93-E0DCC05F0C35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "153AE3B9-F951-4AE5-9456-934E15445054",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.11.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEE87D15-DA60-4F89-BCFD-9CAB68111D70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.11.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BD8C1F3-5920-4684-BD05-6FA88EDAB64F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.11.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "60C81865-E1DB-40DA-9BB7-CE32C9EC4561",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.11.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1DC7BA8-ED6D-42C2-87EC-42F85CD276C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.11.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AD99520-DF9D-4012-ADDB-14468FDEFB6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.11.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "780A2EC8-5D4B-40B0-9A5A-EDC020554D47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "78C18997-7086-4BB0-8490-EDB5394951F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "37F280ED-37E3-4AB5-9BF1-AC935D904503",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AC1F6BC-AB75-45F7-B846-D8900A0C690A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "97F5B122-AE6D-479F-BC46-66E3F729A7D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C433B92-DE77-4B44-BE9D-98449FC7BF1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "28132532-C0C7-4EAE-ADAE-3ADA58AE2EC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DA73633-136A-422F-AF77-2C29224C6981",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6310759E-ADFB-4DF4-8D10-4DDC42D29AE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E2B1536-6671-4508-BC7D-6F11408B3CF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA7D7BAB-A2EC-4DD9-A7B8-D5806CD5F306",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "94E85C10-0192-46B4-828D-52BAE6A6F69C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "52AF89AC-A906-479F-85AA-E9D47A83778F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "D60D834F-926B-416B-AB66-FCD7981DDCF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E13A6AAE-BC1B-4CE1-B747-84F9C6B3FF73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DDA1805-ED8A-44AA-96FF-E676D278CCFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBD82EEA-279F-42CA-8F4C-A4D57EEBAB0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "320C2182-DBCF-4564-940A-D12673C73543",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB635DBE-29F1-4055-A064-42539FC811C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "67B77F63-C9AC-42D4-B9E2-4BBE196AC254",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3256288E-5A49-4DCD-AE30-6B4E21AEF970",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "25E764AE-3B7C-4378-97C5-10E835511684",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "49FEFFA5-371E-4B1D-AAAE-C71AEB79A4AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F982F65C-CBF9-4EE6-8FD6-C965141E42C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4BF8152-79A4-48C6-88EB-9D3FA7466844",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9E4DCDE-4D85-4339-99CB-70A464FA2EE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E03AF346-6F4E-4BEA-B29E-9C9C04148843",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "54FAE380-0E7E-4468-A07B-5A9A3504F681",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The virBitmapParse function in util/virbitmap.c in libvirt before 1.1.2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a crafted bitmap, as demonstrated by a large nodeset value to numatune."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n virBitmapParse en util/virbitmap.c en libvirt anterior a v1.1.2 permite a atacantes dependientes del contexto provocar una denegaci\u00f3n de servicio (lectura fuera de rango y ca\u00edda) a trav\u00e9s de un mapa de bits manipulado, como se demostr\u00f3 mediante un valor largo nodeset a numatune."
    }
  ],
  "id": "CVE-2013-5651",
  "lastModified": "2024-11-21T01:57:53.073",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-09-30T21:55:09.660",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=47b9127e883677a0d60d767030a147450e919a25"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://libvirt.org/news.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00024.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/60895"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2013/08/30/1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/USN-1954-1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=997367"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=47b9127e883677a0d60d767030a147450e919a25"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://libvirt.org/news.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00024.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/60895"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2013/08/30/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-1954-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=997367"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2011-05-31 20:55
Modified
2024-11-21 01:26
Severity ?
Summary
libvirtd in libvirt before 0.9.0 does not use thread-safe error reporting, which allows remote attackers to cause a denial of service (crash) by causing multiple threads to report errors at the same time.
References
secalert@redhat.com — http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=f44bfb7fb978c9313ce050a1c4149bf04aa0a670
secalert@redhat.com — http://secunia.com/advisories/44459 [Vendor Advisory]
secalert@redhat.com — http://securitytracker.com/id?1025477
secalert@redhat.com — http://support.avaya.com/css/P8/documents/100134583
secalert@redhat.com — http://www.debian.org/security/2011/dsa-2280
secalert@redhat.com — http://www.redhat.com/support/errata/RHSA-2011-0478.html
secalert@redhat.com — http://www.redhat.com/support/errata/RHSA-2011-0479.html
secalert@redhat.com — http://www.securityfocus.com/bid/47148
secalert@redhat.com — http://www.ubuntu.com/usn/USN-1152-1
secalert@redhat.com — https://bugzilla.redhat.com/show_bug.cgi?id=693391 [Patch]
secalert@redhat.com — https://www.redhat.com/archives/libvir-list/2011-March/msg01087.html [Patch]
af854a3a-2127-422b-91ae-364da2661108 — http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=f44bfb7fb978c9313ce050a1c4149bf04aa0a670
af854a3a-2127-422b-91ae-364da2661108 — http://secunia.com/advisories/44459 [Vendor Advisory]
af854a3a-2127-422b-91ae-364da2661108 — http://securitytracker.com/id?1025477
af854a3a-2127-422b-91ae-364da2661108 — http://support.avaya.com/css/P8/documents/100134583
af854a3a-2127-422b-91ae-364da2661108 — http://www.debian.org/security/2011/dsa-2280
af854a3a-2127-422b-91ae-364da2661108 — http://www.redhat.com/support/errata/RHSA-2011-0478.html
af854a3a-2127-422b-91ae-364da2661108 — http://www.redhat.com/support/errata/RHSA-2011-0479.html
af854a3a-2127-422b-91ae-364da2661108 — http://www.securityfocus.com/bid/47148
af854a3a-2127-422b-91ae-364da2661108 — http://www.ubuntu.com/usn/USN-1152-1
af854a3a-2127-422b-91ae-364da2661108 — https://bugzilla.redhat.com/show_bug.cgi?id=693391 [Patch]
af854a3a-2127-422b-91ae-364da2661108 — https://www.redhat.com/archives/libvir-list/2011-March/msg01087.html [Patch]
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "11F03424-B961-4241-8224-254F798924E6",
              "versionEndIncluding": "0.8.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AFF5EF5-280A-499B-BD63-361EDC49A923",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2A0DD5B-AFDD-4DA4-B19C-2CA73FA9B477",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE616C79-74E0-4876-83D7-BE04CB954F92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "87FF4782-A017-4D6F-9588-BE0AD4AA04E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B7FDA56-4C79-4D79-9EDA-8A936C7D8DE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF62226E-E4FE-4AF5-86A2-344148158A22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C540F8A3-E12A-403B-81D2-CDB28DE03E47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0900588-EBF9-4459-B1D7-588B72E40689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE650A9D-D12D-43C5-B276-B3116CF096F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "359F1970-822B-4430-86EB-15091B2B4338",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D08DB661-40DF-4234-9F6B-2EE0746FAC8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E86D1293-6881-4F9D-B245-E16040921DF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "C49F1101-0845-478F-BEA1-67185A763D37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F1FDF3E-87F8-4CBF-99F8-DBB03C7D2318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA319732-E860-459E-9C20-ED31D90510DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "06B16020-5330-4F99-8DD3-8B4037E22CFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BCA6D83-281F-4B28-9CB2-253614017B5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEBBD0C7-F9D3-48D4-8D76-1FAFFB049300",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C97CB42C-C89F-4BE6-80AC-A020EBF369FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCC2F2D6-90E3-4306-A29A-0A507BDF889C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB533B81-AFF3-442E-A499-555F2181F64D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "53AD34A3-9097-4375-BB30-CAED13987396",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E37E3B-18A8-4D34-9400-2C18D0DBAAAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "36EAE07C-284D-4BEB-ABDF-28C157B3B90B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E28C5275-39D4-4C7C-A064-70161FE35802",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "643D7C4C-6BD9-49CE-A7FD-819300CA955C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "77476F3F-A914-4EC6-9488-189BD9E1AE6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B22C7B3D-169D-45CC-B1C1-9864991B3E05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D6D1F10-2908-42E0-8D8F-1FBBC804505D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC9ABBF2-B1AD-446A-A3D2-E103D1B411A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "450BD95B-5CE1-49E7-B6DB-6C14D9115CC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "508578FC-BDC7-4B44-9F98-BD6CD657F57B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD25F37B-C666-4EDB-AD77-CCE04A800348",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8903EA9-D354-4C9E-B308-653689534AFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F811BE37-6F53-4663-819F-E954787C345B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2886A659-24BD-483B-8FCD-5BC21573EE42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "65FD148D-0088-47D5-AAC1-E0E990F9D170",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "84613074-CFA0-4C0B-B896-0751F652EA71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BCCF73F-8542-4955-ACD6-44F199D49CB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "05C7EF0F-C069-424A-9B3F-D07C72450ADA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F25DF6A-34D5-4D5B-AFAF-7A21202460EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B67C29ED-2975-47F0-AE75-875A380ECC56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC90B806-1FB3-434E-A664-2842AD3BA9CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DCDC5B5-1DD4-4FF4-8AB4-D38F5418B873",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0054B43A-F844-47C8-B03A-01696117B7E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5C78A50-0F41-405C-9ABA-EE088D0ABE60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8322F4E2-0AD0-497B-871E-233C0E0F1490",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E41CEF32-4998-41D5-B971-12E7F4E39FB9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E43FD74C-5986-4E9E-9C4F-9891133084A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D504B27-7BD0-4CB1-B8CA-76B7C537A4C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBFD9B43-52BA-4FF9-84A1-369B1A96A166",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "10EE76EF-44D3-4645-B1E7-5BCFB4CB4204",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "934215BC-33D1-453F-B49B-23B52E580214",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F274792B-F190-4A23-A551-6B07EA4028B1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "libvirtd in libvirt before 0.9.0 does not use thread-safe error reporting, which allows remote attackers to cause a denial of service (crash) by causing multiple threads to report errors at the same time."
    },
    {
      "lang": "es",
      "value": "libvirtd de libvirt en versiones anteriores a la 0.9.0 no utiliza el reporte de errores \"thread-safe\", lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) provocando que m\u00faltiples hilos reporten errores al mismo tiempo."
    }
  ],
  "id": "CVE-2011-1486",
  "lastModified": "2024-11-21T01:26:25.450",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 3.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.5,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-05-31T20:55:02.360",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=f44bfb7fb978c9313ce050a1c4149bf04aa0a670"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/44459"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://securitytracker.com/id?1025477"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://support.avaya.com/css/P8/documents/100134583"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2011/dsa-2280"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2011-0478.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2011-0479.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/47148"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-1152-1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=693391"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://www.redhat.com/archives/libvir-list/2011-March/msg01087.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=f44bfb7fb978c9313ce050a1c4149bf04aa0a670"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/44459"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1025477"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.avaya.com/css/P8/documents/100134583"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2011/dsa-2280"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2011-0478.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2011-0479.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/47148"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-1152-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=693391"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://www.redhat.com/archives/libvir-list/2011-March/msg01087.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2015-01-29 15:59
Modified
2024-11-21 02:22
Severity ?
Summary
libvirt before 1.2.12 allows remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the virDomainSnapshotGetXMLDesc interface or (2) image to the virDomainSaveImageGetXMLDesc interface.
References
secalert@redhat.com | http://advisories.mageia.org/MGASA-2015-0046.html | Third Party Advisory
secalert@redhat.com | http://lists.opensuse.org/opensuse-updates/2015-02/msg00028.html | Third Party Advisory
secalert@redhat.com | http://rhn.redhat.com/errata/RHSA-2015-0323.html | Third Party Advisory
secalert@redhat.com | http://secunia.com/advisories/62766
secalert@redhat.com | http://security.libvirt.org/2015/0001.html | Patch, Vendor Advisory
secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2015:035 | Broken Link
secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2015:070 | Broken Link
secalert@redhat.com | http://www.ubuntu.com/usn/USN-2867-1 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://advisories.mageia.org/MGASA-2015-0046.html | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2015-02/msg00028.html | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2015-0323.html | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/62766
af854a3a-2127-422b-91ae-364da2661108 | http://security.libvirt.org/2015/0001.html | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2015:035 | Broken Link
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2015:070 | Broken Link
af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-2867-1 | Third Party Advisory



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:mageia:mageia:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F805A106-9A6F-48E7-8582-D3C5A26DFC11",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8A22EF4-358B-4D85-BC9E-CADD6DF4643B",
              "versionEndIncluding": "1.2.11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "527B9236-CA4E-42A8-8C7A-2FB92BE2B4B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA9572AC-1D6D-4AA1-AEF0-CB9143F38215",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D6B6D6F-6CD3-43C3-B1EC-18DEC89DFDA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF21D58D-6952-4C72-94C3-32421499AFCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "83403472-4883-4914-846A-3C3E912C5573",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "00DF70BC-8C33-4B01-9BF7-4D260E68DBAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEEF1A5E-E1FD-4D28-B90A-86D78ABE3F58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "49568634-FD82-43E0-B60F-28896999CF48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC1E4E78-937D-4BF1-B45E-74B24A02C97D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "E80222EC-EA2E-444B-A51C-0287055A598C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CA535BD-4D1A-4BD6-9EF0-1E57A80E6466",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "F38D3B7E-8429-473F-BB31-FC3583EE5A5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C84489B-B08C-4854-8A12-D01B6E45CF79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "libvirt before 1.2.12 allow remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the virDomainSnapshotGetXMLDesc interface or (2) image to the virDomainSaveImageGetXMLDesc interface."
    },
    {
      "lang": "es",
      "value": "libvirt anterior a 1.2.12 permite a usuarios remotos autenticados obtener la contrase\u00f1a VNC mediante el uso del indicador VIR_DOMAIN_XML_SECURE con (1) una instant\u00e1nea manipulada a la interfaz virDomainSnapshotGetXMLDesc o (2) una imagen manipulada a la interfaz virDomainSaveImageGetXMLDesc."
    }
  ],
  "id": "CVE-2015-0236",
  "lastModified": "2024-11-21T02:22:37.230",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-01-29T15:59:00.060",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://advisories.mageia.org/MGASA-2015-0046.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00028.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0323.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/62766"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://security.libvirt.org/2015/0001.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:035"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:070"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2867-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://advisories.mageia.org/MGASA-2015-0046.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00028.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0323.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/62766"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://security.libvirt.org/2015/0001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:035"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:070"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2867-1"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-07-13 15:59
Modified
2024-11-21 02:53
Severity ?
Summary
libvirt before 2.0.0 improperly disables password checking when the password on a VNC server is set to an empty string, which allows remote attackers to bypass authentication and establish a VNC session by connecting to the server.
References
secalert@redhat.com | http://lists.opensuse.org/opensuse-updates/2016-07/msg00054.html
secalert@redhat.com | http://lists.opensuse.org/opensuse-updates/2016-07/msg00055.html
secalert@redhat.com | http://lists.opensuse.org/opensuse-updates/2016-08/msg00024.html
secalert@redhat.com | http://rhn.redhat.com/errata/RHSA-2016-2577.html
secalert@redhat.com | http://security.libvirt.org/2016/0001.html | Vendor Advisory
secalert@redhat.com | http://www.debian.org/security/2016/dsa-3613
secalert@redhat.com | http://www.securityfocus.com/bid/91562
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1180092
secalert@redhat.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZZMOMRXNPALA34XDF5NK363KDLAYSTL/
secalert@redhat.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QTQF6LXKEEMJG4VOOCIAPJAD6ACBYP4W/
secalert@redhat.com | https://usn.ubuntu.com/3576-1/
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2016-07/msg00054.html
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2016-07/msg00055.html
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2016-08/msg00024.html
af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2016-2577.html
af854a3a-2127-422b-91ae-364da2661108 | http://security.libvirt.org/2016/0001.html | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2016/dsa-3613
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/91562
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1180092
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZZMOMRXNPALA34XDF5NK363KDLAYSTL/
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QTQF6LXKEEMJG4VOOCIAPJAD6ACBYP4W/
af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/3576-1/
Impacted products
Vendor Product Version
redhat libvirt *
debian debian_linux 8.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACADE274-009D-42CD-A7A7-7212323F9254",
              "versionEndIncluding": "1.3.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "libvirt before 2.0.0 improperly disables password checking when the password on a VNC server is set to an empty string, which allows remote attackers to bypass authentication and establish a VNC session by connecting to the server."
    },
    {
      "lang": "es",
      "value": "libvirt en versiones anteriores a 2.0.0 desactiva inadecuadamente la comprobaci\u00f3n de contrase\u00f1as cuando la contrase\u00f1a en un servidor VNC est\u00e1 establecida en una cadena vac\u00eda, lo que permite a atacantes remotos eludir la autenticaci\u00f3n y establecer una sesi\u00f3n VNC conect\u00e1ndose al servidor."
    }
  ],
  "id": "CVE-2016-5008",
  "lastModified": "2024-11-21T02:53:26.113",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-07-13T15:59:05.873",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00054.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00055.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00024.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2016-2577.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://security.libvirt.org/2016/0001.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2016/dsa-3613"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/91562"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1180092"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZZMOMRXNPALA34XDF5NK363KDLAYSTL/"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QTQF6LXKEEMJG4VOOCIAPJAD6ACBYP4W/"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://usn.ubuntu.com/3576-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00054.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00055.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00024.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2016-2577.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://security.libvirt.org/2016/0001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2016/dsa-3613"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/91562"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1180092"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZZMOMRXNPALA34XDF5NK363KDLAYSTL/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QTQF6LXKEEMJG4VOOCIAPJAD6ACBYP4W/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://usn.ubuntu.com/3576-1/"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-10-31 15:29
Modified
2024-11-21 03:04
Summary
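libvirt version 2.3.0 and later is vulnerable to a bad default configuration of "verify-peer=no" passed to QEMU by libvirt resulting in a failure to validate SSL/TLS certificates by default. The NVD configuration in the record below bounds the affected range to libvirt 2.3.0 up to, but not including, 3.9.0.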
Impacted products
Vendor Product Version
redhat libvirt *
debian debian_linux 9.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "67508AF4-AD2C-496D-9EEB-4D691CC20DB5",
              "versionEndExcluding": "3.9.0",
              "versionStartIncluding": "2.3.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "libvirt version 2.3.0 and later is vulnerable to a bad default configuration of \"verify-peer=no\" passed to QEMU by libvirt resulting in a failure to validate SSL/TLS certificates by default."
    },
    {
      "lang": "es",
      "value": "libvirt en sus versiones 2.3.0 y posteriores es vulnerable a una mala configuraci\u00f3n por defecto de \"verify-peer=no\" que libvirt pasa a QEMU. Esto da lugar a un error a la hora de validar certificados SSL/TLS por defecto."
    }
  ],
  "id": "CVE-2017-1000256",
  "lastModified": "2024-11-21T03:04:30.953",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-10-31T15:29:00.240",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-4003"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://access.redhat.com/security/cve/CVE-2017-1000256"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1556251.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://www.redhat.com/archives/libvirt-announce/2017-October/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-4003"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://access.redhat.com/security/cve/CVE-2017-1000256"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1556251.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://www.redhat.com/archives/libvirt-announce/2017-October/msg00001.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-295"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-04-14 15:59
Modified
2024-11-21 01:32
Summary
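The networkReloadIptablesRules function in network/bridge_driver.c in libvirt before 0.9.9 does not properly handle firewall rules on bridge networks when libvirtd is restarted, which might allow remote attackers to bypass intended access restrictions via a (1) DNS or (2) DHCP query. The NVD configuration in the record below lists only libvirt 0.9.8 as a vulnerable libvirt CPE, so matching on CPE alone may miss earlier releases that the "before 0.9.9" wording covers.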
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "F38D3B7E-8429-473F-BB31-FC3583EE5A5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "48F55C0A-3E6E-4E24-81D7-F023728E486A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The networkReloadIptablesRules function in network/bridge_driver.c in libvirt before 0.9.9 does not properly handle firewall rules on bridge networks when libvirtd is restarted, which might allow remote attackers to bypass intended access restrictions via a (1) DNS or (2) DHCP query."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n networkReloadIptablesRules en network/bridge_driver.c en libvirt en versiones anteriores a 0.9.9 no maneja correctamente las reglas del firewall en redes puente cuando se reinicia libvirtd, lo que podr\u00eda permitir a atacantes remotos eludir las restricciones de acceso previstas a trav\u00e9s de una consulta (1) DNS o (2) DHCP."
    }
  ],
  "id": "CVE-2011-4600",
  "lastModified": "2024-11-21T01:32:38.183",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-04-14T15:59:00.120",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commitdiff%3Bh=ae1232b298323dd7bef909426e2ebafa6bca9157"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://libvirt.org/news-2012.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-2867-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=760442"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commitdiff%3Bh=ae1232b298323dd7bef909426e2ebafa6bca9157"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://libvirt.org/news-2012.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2867-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=760442"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-01-07 19:55
Modified
2024-11-21 01:59
Severity ?
Summary
The lxcDomainGetMemoryParameters method in lxc/lxc_driver.c in libvirt 1.0.5 through 1.2.0 does not properly check the status of LXC guests when reading memory tunables, which allows local users to cause a denial of service (NULL pointer dereference and libvirtd crash) via a guest in the shutdown status, as demonstrated by the "virsh memtune" command.
Impacted products
Vendor Product Version
redhat libvirt 1.0.5
redhat libvirt 1.0.5.1
redhat libvirt 1.0.5.2
redhat libvirt 1.0.5.3
redhat libvirt 1.0.5.4
redhat libvirt 1.0.5.5
redhat libvirt 1.0.5.6
redhat libvirt 1.0.6
redhat libvirt 1.1.0
redhat libvirt 1.1.1
redhat libvirt 1.1.2
redhat libvirt 1.1.3
redhat libvirt 1.1.4
redhat libvirt 1.2.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "67B77F63-C9AC-42D4-B9E2-4BBE196AC254",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3256288E-5A49-4DCD-AE30-6B4E21AEF970",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "25E764AE-3B7C-4378-97C5-10E835511684",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "49FEFFA5-371E-4B1D-AAAE-C71AEB79A4AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F982F65C-CBF9-4EE6-8FD6-C965141E42C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4BF8152-79A4-48C6-88EB-9D3FA7466844",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9E4DCDE-4D85-4339-99CB-70A464FA2EE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E03AF346-6F4E-4BEA-B29E-9C9C04148843",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "54FAE380-0E7E-4468-A07B-5A9A3504F681",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB4B1021-4D01-4D86-AED4-0418F8839FD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "380686BB-7212-4285-BA00-B8EEAC6E1CC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A331072-326A-4E72-84E2-E0424E6DDE30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB1666DD-AC49-477A-921C-8197F5EFECA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "527B9236-CA4E-42A8-8C7A-2FB92BE2B4B9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The lxcDomainGetMemoryParameters method in lxc/lxc_driver.c in libvirt 1.0.5 through 1.2.0 does not properly check the status of LXC guests when reading memory tunables, which allows local users to cause a denial of service (NULL pointer dereference and libvirtd crash) via a guest in the shutdown status, as demonstrated by the \"virsh memtune\" command."
    },
    {
      "lang": "es",
      "value": "El m\u00e9todo lxcDomainGetMemoryParameters en lxc/lxc_driver.c en libvirt 1.0.5 a 1.2.0 no comprueba correctamente el estado de invitados LXC cuando lee configuraciones de memoria, lo cual permite a usuarios locales causar denegaci\u00f3n de servicio (referencia a puntero a NULL y ca\u00edda de libvirtd) a trav\u00e9s de un invitado en el estado de apagado, como se demuestra con el comando \"virsh memtune\"."
    }
  ],
  "id": "CVE-2013-6436",
  "lastModified": "2024-11-21T01:59:13.423",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 2.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-01-07T19:55:06.580",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=f8c1cb90213508c4f32549023b0572ed774e48aa"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00004.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://osvdb.org/101485"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/56245"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/60895"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-2093-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.redhat.com/archives/libvir-list/2013-December/msg01170.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=f8c1cb90213508c4f32549023b0572ed774e48aa"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/101485"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/56245"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/60895"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2093-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/libvir-list/2013-December/msg01170.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2012-08-07 21:55
Modified
2024-11-21 01:40
Severity ?
Summary
The virTypedParameterArrayClear function in libvirt 0.9.13 does not properly handle virDomain* API calls with typed parameters, which might allow remote authenticated users to cause a denial of service (libvirtd crash) via an RPC command with nparams set to zero, which triggers an out-of-bounds read or a free of an invalid pointer.
References
secalert@redhat.com: http://lists.opensuse.org/opensuse-updates/2012-08/msg00023.html
secalert@redhat.com: http://rhn.redhat.com/errata/RHSA-2012-1202.html
secalert@redhat.com: http://secunia.com/advisories/50118 (Vendor Advisory)
secalert@redhat.com: http://secunia.com/advisories/50299
secalert@redhat.com: http://secunia.com/advisories/50372
secalert@redhat.com: http://www.openwall.com/lists/oss-security/2012/07/31/4
secalert@redhat.com: http://www.openwall.com/lists/oss-security/2012/07/31/7
secalert@redhat.com: http://www.securityfocus.com/bid/54748
secalert@redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=844734
secalert@redhat.com: https://www.redhat.com/archives/libvir-list/2012-July/msg01650.html
af854a3a-2127-422b-91ae-364da2661108: http://lists.opensuse.org/opensuse-updates/2012-08/msg00023.html
af854a3a-2127-422b-91ae-364da2661108: http://rhn.redhat.com/errata/RHSA-2012-1202.html
af854a3a-2127-422b-91ae-364da2661108: http://secunia.com/advisories/50118 (Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108: http://secunia.com/advisories/50299
af854a3a-2127-422b-91ae-364da2661108: http://secunia.com/advisories/50372
af854a3a-2127-422b-91ae-364da2661108: http://www.openwall.com/lists/oss-security/2012/07/31/4
af854a3a-2127-422b-91ae-364da2661108: http://www.openwall.com/lists/oss-security/2012/07/31/7
af854a3a-2127-422b-91ae-364da2661108: http://www.securityfocus.com/bid/54748
af854a3a-2127-422b-91ae-364da2661108: https://bugzilla.redhat.com/show_bug.cgi?id=844734
af854a3a-2127-422b-91ae-364da2661108: https://www.redhat.com/archives/libvir-list/2012-July/msg01650.html
Impacted products
Vendor Product Version
redhat libvirt 0.9.13



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "37F280ED-37E3-4AB5-9BF1-AC935D904503",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The virTypedParameterArrayClear function in libvirt 0.9.13 does not properly handle virDomain* API calls with typed parameters, which might allow remote authenticated users to cause a denial of service (libvirtd crash) via an RPC command with nparams set to zero, which triggers an out-of-bounds read or a free of an invalid pointer."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n virTypedParameterArrayClear en libvirt v0.9.13 no maneja adecuadamente las llamadas a la API virDomain* con par\u00e1metros tipados, lo que podr\u00eda permitir a usuarios remotos autenticados provocar una denegaci\u00f3n de servicio (ca\u00edda de libvirtd) a trav\u00e9s de un comando RPC con nparams establecido en cero, lo que desencadena una lectura fuera de l\u00edmites o la liberaci\u00f3n de un puntero no v\u00e1lido."
    }
  ],
  "id": "CVE-2012-3445",
  "lastModified": "2024-11-21T01:40:53.517",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-08-07T21:55:02.187",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00023.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-1202.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/50118"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/50299"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/50372"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2012/07/31/4"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2012/07/31/7"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/54748"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=844734"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.redhat.com/archives/libvir-list/2012-July/msg01650.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00023.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-1202.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/50118"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/50299"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/50372"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2012/07/31/4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2012/07/31/7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/54748"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=844734"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/libvir-list/2012-July/msg01650.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-09-30 21:55
Modified
2024-11-21 01:55
Severity ?
Summary
The virSecurityManagerSetProcessLabel function in libvirt 0.10.2.7, 1.0.5.5, and 1.1.1, when the domain has read an uid:gid label, does not properly set group memberships, which allows local users to gain privileges.
Impacted products
Vendor Product Version
redhat libvirt 0.10.2.7
redhat libvirt 1.0.5.5
redhat libvirt 1.1.1



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "52AF89AC-A906-479F-85AA-E9D47A83778F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4BF8152-79A4-48C6-88EB-9D3FA7466844",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB4B1021-4D01-4D86-AED4-0418F8839FD6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The virSecurityManagerSetProcessLabel function in libvirt 0.10.2.7, 1.0.5.5, and 1.1.1, when the domain has read an uid:gid label, does not properly set group memberships, which allows local users to gain privileges."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n virSecurityManagerSetProcessLabel en libvirt 0.10.2.7, 1.0.5.5, y 1.1.1, cuando el dominio ha le\u00eddo una etiqueta uid:gid,  no establece adecuadamente las pertenencias a grupos, lo que permite a usuarios locales ganar privilegios."
    }
  ],
  "id": "CVE-2013-4291",
  "lastModified": "2024-11-21T01:55:17.483",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.9,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-09-30T21:55:09.347",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commitdiff%3Bh=fe11d34a6d46d6641ce90dc665164fda7bb6bff8"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://libvirt.org/news.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://wiki.libvirt.org/page/Maintenance_Releases"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1006509"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commitdiff%3Bh=fe11d34a6d46d6641ce90dc665164fda7bb6bff8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://libvirt.org/news.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://wiki.libvirt.org/page/Maintenance_Releases"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1006509"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-08-22 21:29
Modified
2024-11-21 03:23
Summary
A NULL pointer dereference flaw was found in the way libvirt from 2.5.0 to 3.0.0 handled empty drives. A remote authenticated attacker could use this flaw to crash libvirtd daemon resulting in denial of service.
Impacted products
Vendor Product Version
redhat libvirt * (2.5.0 through 3.0.0, both inclusive, per the cpeMatch range in the record)



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6023086-B53C-412A-800B-A3DB0BB90182",
              "versionEndIncluding": "3.0.0",
              "versionStartIncluding": "2.5.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A NULL pointer dereference flaw was found in the way libvirt from 2.5.0 to 3.0.0 handled empty drives. A remote authenticated attacker could use this flaw to crash libvirtd daemon resulting in denial of service."
    },
    {
      "lang": "es",
      "value": "Se ha detectado un defecto de desferencia del puntero NULL en la forma en la que libvirt desde la versi\u00f3n 2.5.0 hasta la 3.0.0 manejaba las unidades vac\u00edas. Un atacante autenticado remoto podr\u00eda usar este defecto para provocar el cierre inesperado del demonio libvirtd, lo que provocar\u00eda una denegaci\u00f3n de servicio (DoS)."
    }
  ],
  "id": "CVE-2017-2635",
  "lastModified": "2024-11-21T03:23:52.687",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.7,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.1,
        "impactScore": 4.0,
        "source": "secalert@redhat.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-08-22T21:29:00.430",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2635"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=c3de387380f6057ee0e46cd9f2f0a092e8070875"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2635"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=c3de387380f6057ee0e46cd9f2f0a092e8070875"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-476"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-476"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-03-02 23:15
Modified
2024-11-21 06:22
Summary
A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one exploited guest to access files labeled for another guest, resulting in the breaking out of sVirt confinement. The highest threat from this vulnerability is to confidentiality and integrity.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C160205-EF84-4F65-BAD2-9A5F3F4B5875",
              "versionEndExcluding": "7.5.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "91B493F0-5542-49F7-AAAE-E6CA6E468D7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:advanced_virtualization:*:*:*",
              "matchCriteriaId": "3AA08768-75AF-4791-B229-AE938C780959",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7CF3019-975D-40BB-A8A4-894E62BD3797",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs\u0027 dynamic labels. This flaw allows one exploited guest to access files labeled for another guest, resulting in the breaking out of sVirt confinement. The highest threat from this vulnerability is to confidentiality and integrity."
    },
    {
      "lang": "es",
      "value": "Se ha encontrado un fallo en libvirt mientras genera pares de categor\u00edas MCS de SELinux para las etiquetas din\u00e1micas de las m\u00e1quinas virtuales. Este defecto permite que un hu\u00e9sped explotado acceda a archivos etiquetados para otro hu\u00e9sped, resultando en una ruptura del confinamiento de sVirt. La mayor amenaza de esta vulnerabilidad es para la confidencialidad y la integridad"
    }
  ],
  "id": "CVE-2021-3631",
  "lastModified": "2024-11-21T06:22:01.480",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 3.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 6.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.0,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-03-02T23:15:08.677",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2021:3631"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1977726"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://gitlab.com/libvirt/libvirt/-/commit/15073504dbb624d3f6c911e85557019d3620fdb2"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://gitlab.com/libvirt/libvirt/-/issues/153"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202210-06"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220331-0010/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2021:3631"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1977726"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://gitlab.com/libvirt/libvirt/-/commit/15073504dbb624d3f6c911e85557019d3620fdb2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://gitlab.com/libvirt/libvirt/-/issues/153"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202210-06"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220331-0010/"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-732"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-732"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2024-08-30 17:15
Modified
2024-11-21 09:52
Summary
A flaw was found in libvirt. A refactor of the code fetching the list of interfaces for multiple APIs introduced a corner case on platforms where allocating 0 bytes of memory results in a NULL pointer. This corner case would lead to a NULL-pointer dereference and subsequent crash of virtinterfaced. This issue could allow clients connecting to the read-only socket to crash the virtinterfaced daemon.
Impacted products
Vendor Product Version
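redhat libvirt * (10.4.0 up to, but not including, 10.7.0, per the cpeMatch range in the record)
redhat enterprise_linux 9.0 (platform node of an AND configuration; marked "vulnerable": false in the record)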



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0CCD8C5-8BD8-42B5-ABAB-F68D4BDB4E10",
              "versionEndExcluding": "10.7.0",
              "versionStartIncluding": "10.4.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A flaw was found in libvirt. A refactor of the code fetching the list of interfaces for multiple APIs introduced a corner case on platforms where allocating 0 bytes of memory results in a NULL pointer. This corner case would lead to a NULL-pointer dereference and subsequent crash of virtinterfaced. This issue could allow clients connecting to the read-only socket to crash the virtinterfaced daemon."
    },
    {
      "lang": "es",
      "value": "Se encontr\u00f3 un fallo en libvirt. Una refactorizaci\u00f3n del c\u00f3digo que obtiene la lista de interfaces para m\u00faltiples API introdujo un caso extremo en plataformas donde la asignaci\u00f3n de 0 bytes de memoria da como resultado un puntero NULL. Este caso extremo conducir\u00eda a una desreferencia de puntero NULL y al posterior bloqueo de virtinterfaced. Este problema podr\u00eda permitir que los clientes que se conectan al socket de solo lectura bloqueen el demonio virtinterfaced."
    }
  ],
  "id": "CVE-2024-8235",
  "lastModified": "2024-11-21T09:52:55.440",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.2,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.5,
        "impactScore": 3.6,
        "source": "secalert@redhat.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.2,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.5,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-08-30T17:15:15.783",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:9128"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://access.redhat.com/security/cve/CVE-2024-8235"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2308680"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/thread/X6WOVCL6QF3FQRFIIXL736RFZVSUWLWJ/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.netapp.com/advisory/ntap-20240920-0006/"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-476"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-476"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2012-06-17 03:41
Modified
2024-11-21 01:39
Severity ?
Summary
libvirt, possibly before 0.9.12, does not properly assign USB devices to virtual machines when multiple devices have the same vendor and product ID, which might cause the wrong device to be associated with a guest and might allow local users to access unintended USB devices.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "01916DA0-D0B0-4355-B72D-76B2E9B05988",
              "versionEndIncluding": "0.9.11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AFF5EF5-280A-499B-BD63-361EDC49A923",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2A0DD5B-AFDD-4DA4-B19C-2CA73FA9B477",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE616C79-74E0-4876-83D7-BE04CB954F92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "87FF4782-A017-4D6F-9588-BE0AD4AA04E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B7FDA56-4C79-4D79-9EDA-8A936C7D8DE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF62226E-E4FE-4AF5-86A2-344148158A22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C540F8A3-E12A-403B-81D2-CDB28DE03E47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0900588-EBF9-4459-B1D7-588B72E40689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE650A9D-D12D-43C5-B276-B3116CF096F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "359F1970-822B-4430-86EB-15091B2B4338",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D08DB661-40DF-4234-9F6B-2EE0746FAC8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E86D1293-6881-4F9D-B245-E16040921DF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "C49F1101-0845-478F-BEA1-67185A763D37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F1FDF3E-87F8-4CBF-99F8-DBB03C7D2318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA319732-E860-459E-9C20-ED31D90510DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "06B16020-5330-4F99-8DD3-8B4037E22CFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BCA6D83-281F-4B28-9CB2-253614017B5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEBBD0C7-F9D3-48D4-8D76-1FAFFB049300",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C97CB42C-C89F-4BE6-80AC-A020EBF369FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCC2F2D6-90E3-4306-A29A-0A507BDF889C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB533B81-AFF3-442E-A499-555F2181F64D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "53AD34A3-9097-4375-BB30-CAED13987396",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E37E3B-18A8-4D34-9400-2C18D0DBAAAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "36EAE07C-284D-4BEB-ABDF-28C157B3B90B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E28C5275-39D4-4C7C-A064-70161FE35802",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "643D7C4C-6BD9-49CE-A7FD-819300CA955C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "77476F3F-A914-4EC6-9488-189BD9E1AE6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B22C7B3D-169D-45CC-B1C1-9864991B3E05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D6D1F10-2908-42E0-8D8F-1FBBC804505D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC9ABBF2-B1AD-446A-A3D2-E103D1B411A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "450BD95B-5CE1-49E7-B6DB-6C14D9115CC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "508578FC-BDC7-4B44-9F98-BD6CD657F57B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD25F37B-C666-4EDB-AD77-CCE04A800348",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8903EA9-D354-4C9E-B308-653689534AFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F811BE37-6F53-4663-819F-E954787C345B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2886A659-24BD-483B-8FCD-5BC21573EE42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "65FD148D-0088-47D5-AAC1-E0E990F9D170",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "84613074-CFA0-4C0B-B896-0751F652EA71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BCCF73F-8542-4955-ACD6-44F199D49CB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "05C7EF0F-C069-424A-9B3F-D07C72450ADA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F25DF6A-34D5-4D5B-AFAF-7A21202460EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B67C29ED-2975-47F0-AE75-875A380ECC56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC90B806-1FB3-434E-A664-2842AD3BA9CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DCDC5B5-1DD4-4FF4-8AB4-D38F5418B873",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0054B43A-F844-47C8-B03A-01696117B7E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5C78A50-0F41-405C-9ABA-EE088D0ABE60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8322F4E2-0AD0-497B-871E-233C0E0F1490",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E41CEF32-4998-41D5-B971-12E7F4E39FB9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E43FD74C-5986-4E9E-9C4F-9891133084A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D504B27-7BD0-4CB1-B8CA-76B7C537A4C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBFD9B43-52BA-4FF9-84A1-369B1A96A166",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "10EE76EF-44D3-4645-B1E7-5BCFB4CB4204",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "934215BC-33D1-453F-B49B-23B52E580214",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F274792B-F190-4A23-A551-6B07EA4028B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9D67FBC-4009-4FC1-B0CF-AA3C1505C2F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2059834-5A26-4DB9-B400-DBBE15690AAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2F6277D-6732-44BA-91B4-D57877E011BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2553A171-A830-4540-8CC6-51275F72AAEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "61C2C484-7AAB-475C-A44E-6D9DCF597DD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "04A75CCF-28E1-44CC-962C-C56A4F64B370",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0E8A1AF-740A-454C-8019-B52654589603",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F040825C-C457-40A1-A04C-F362289E13F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "3327FB7D-92DB-479F-BF1C-2565C8F1B25C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "48F55C0A-3E6E-4E24-81D7-F023728E486A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACB7C00E-DF4E-40AF-A503-202A2FE03D5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AB4E8A8-2B6C-4287-937B-C67A97EAB67A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "libvirt, possibly before 0.9.12, does not properly assign USB devices to virtual machines when multiple devices have the same vendor and product ID, which might cause the wrong device to be associated with a guest and might allow local users to access unintended USB devices."
    },
    {
      "lang": "es",
      "value": "libvirt, posiblemente anterior a v0.9.12, no se asignan adecuadamente los dispositivos USB a las m\u00e1quinas virtuales cuando varios dispositivos tienen el mismo proveedor y la misma identificaci\u00f3n de producto, lo que podr\u00eda provocar que el dispositivo equivocado sea asociado con un invitado lo que podr\u00eda  podr\u00eda permitir a usuarios locales acceder a los dispositivos USB no deseados."
    }
  ],
  "id": "CVE-2012-2693",
  "lastModified": "2024-11-21T01:39:27.597",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 3.7,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 1.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-06-17T03:41:42.203",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0748.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0127.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2012/06/11/2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2012/06/11/3"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://www.redhat.com/archives/libvir-list/2012-April/msg01494.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0748.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0127.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2012/06/11/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2012/06/11/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://www.redhat.com/archives/libvir-list/2012-April/msg01494.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2015-01-06 15:59
Modified
2024-11-21 02:18
Severity ?
Summary
The qemu implementation of virConnectGetAllDomainStats in libvirt before 1.2.11 does not properly handle locks when a domain is skipped due to ACL restrictions, which allows remote authenticated users to cause a denial of service (deadlock or segmentation fault and crash) via a request to access a domain that the user does not have privileges to access.
Impacted products
Vendor Product Version
redhat libvirt *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "111BBE4C-22D8-45AB-B477-A9E234CD0EA0",
              "versionEndIncluding": "1.2.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The qemu implementation of virConnectGetAllDomainStats in libvirt before 1.2.11 does not properly handle locks when a domain is skipped due to ACL restrictions, which allows remote authenticated users to cause a denial of service (deadlock or segmentation fault and crash) via a request to access a domain that the user does not have privileges to access."
    },
    {
      "lang": "es",
      "value": "La implementaci\u00f3n qemu de virConnectGetAllDomainStats en libvirt anterior a 1.2.11 no maneja correctamente los bloqueos cuando se salta un dominio debido a las restricciones ACL, lo que permite a usuarios remotos autenticados causar una denegaci\u00f3n de servicio (bloqueo o fallo de segmentaci\u00f3n y ca\u00edda) a trav\u00e9s de una solicitud de acceso cuando el usuario no tiene los privilegios de acceso."
    }
  ],
  "id": "CVE-2014-8131",
  "lastModified": "2024-11-21T02:18:37.353",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-01-06T15:59:04.727",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00005.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://security.libvirt.org/2014/0008.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00005.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://security.libvirt.org/2014/0008.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-03-25 19:15
Modified
2024-11-21 06:39
Summary
A flaw was found in the libvirt nwfilter driver. The virNWFilterObjListNumOfNWFilters method failed to acquire the driver->nwfilters mutex before iterating over virNWFilterObj instances. There was no protection to stop another thread from concurrently modifying the driver->nwfilters object. This flaw allows a malicious, unprivileged user to exploit this issue via libvirt's API virConnectNumOfNWFilters to crash the network filter management daemon (libvirtd/virtnwfilterd).
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D5F40A1-DE55-47FC-B223-BAB76885A8AC",
              "versionEndIncluding": "1.1.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7CF3019-975D-40BB-A8A4-894E62BD3797",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A flaw was found in the libvirt nwfilter driver. The virNWFilterObjListNumOfNWFilters method failed to acquire the driver-\u003enwfilters mutex before iterating over virNWFilterObj instances. There was no protection to stop another thread from concurrently modifying the driver-\u003enwfilters object. This flaw allows a malicious, unprivileged user to exploit this issue via libvirt\u0027s API virConnectNumOfNWFilters to crash the network filter management daemon (libvirtd/virtnwfilterd)."
    },
    {
      "lang": "es",
      "value": "Se ha encontrado un fallo en el controlador nwfilter de libvirt. El m\u00e9todo virNWFilterObjListNumOfNWFilters no adquir\u00eda el mutex driver-\u003enwfilters antes de iterar sobre las instancias virNWFilterObj. No hab\u00eda protecci\u00f3n para evitar que otro hilo modificara simult\u00e1neamente el objeto driver-\u003enwfilters. Este fallo permite a un usuario malicioso y sin privilegios aprovechar este problema a trav\u00e9s de la API virConnectNumOfNWFilters de libvirt para bloquear el demonio de gesti\u00f3n de filtros de red (libvirtd/virtnwfilterd)"
    }
  ],
  "id": "CVE-2022-0897",
  "lastModified": "2024-11-21T06:39:37.387",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-03-25T19:15:10.340",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063883"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202210-06"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063883"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202210-06"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-667"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-667"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-09-30 21:55
Modified
2024-11-21 01:51
Severity ?
Summary
Double free vulnerability in the virConnectListAllInterfaces method in interface/interface_backend_netcf.c in libvirt 1.0.6 allows remote attackers to cause a denial of service (libvirtd crash) via a filtering flag that causes an interface to be skipped, as demonstrated by the "virsh iface-list --inactive" command.
Impacted products
Vendor Product Version
redhat libvirt 1.0.6



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E03AF346-6F4E-4BEA-B29E-9C9C04148843",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Double free vulnerability in the virConnectListAllInterfaces method in interface/interface_backend_netcf.c in libvirt 1.0.6 allows remote attackers to cause a denial of service (libvirtd crash) via a filtering flag that causes an interface to be skipped, as demonstrated by the \"virsh iface-list --inactive\" command."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de doble liberaci\u00f3n en el m\u00e9todo virConnectListAllInterfaces en interface/interface_backend_netcf.c de libvirt 1.0.6 permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda de libvirtd) a trav\u00e9s de un flag \"filtering\" que causa que un interfaz sea omitido, como fue demostrado por el comando \"virsh iface-list --inactive\"."
    }
  ],
  "id": "CVE-2013-2218",
  "lastModified": "2024-11-21T01:51:16.183",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-09-30T21:55:08.957",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=244e0b8cf15ca2ef48d82058e728656e6c4bad11"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://libvirt.org/news.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2013/07/01/6"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=980112"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=244e0b8cf15ca2ef48d82058e728656e6c4bad11"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://libvirt.org/news.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2013/07/01/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=980112"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-11-13 21:32
Modified
2024-11-21 02:18
Severity ?
Summary
The virDomainGetXMLDesc API in Libvirt before 1.2.11 allows remote read-only users to obtain the VNC password by using the VIR_DOMAIN_XML_MIGRATABLE flag, which triggers the use of the VIR_DOMAIN_XML_SECURE flag.
Impacted products
Vendor Product Version
redhat libvirt *
redhat libvirt 1.2.0
redhat libvirt 1.2.1
redhat libvirt 1.2.2
redhat libvirt 1.2.3
redhat libvirt 1.2.4
redhat libvirt 1.2.5
redhat libvirt 1.2.6
redhat libvirt 1.2.7
redhat libvirt 1.2.8
redhat libvirt 1.2.9



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "111BBE4C-22D8-45AB-B477-A9E234CD0EA0",
              "versionEndIncluding": "1.2.10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "527B9236-CA4E-42A8-8C7A-2FB92BE2B4B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA9572AC-1D6D-4AA1-AEF0-CB9143F38215",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D6B6D6F-6CD3-43C3-B1EC-18DEC89DFDA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF21D58D-6952-4C72-94C3-32421499AFCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "83403472-4883-4914-846A-3C3E912C5573",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "00DF70BC-8C33-4B01-9BF7-4D260E68DBAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEEF1A5E-E1FD-4D28-B90A-86D78ABE3F58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "49568634-FD82-43E0-B60F-28896999CF48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC1E4E78-937D-4BF1-B45E-74B24A02C97D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "E80222EC-EA2E-444B-A51C-0287055A598C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The virDomainGetXMLDesc API in Libvirt before 1.2.11 allows remote read-only users to obtain the VNC password by using the VIR_DOMAIN_XML_MIGRATABLE flag, which triggers the use of the VIR_DOMAIN_XML_SECURE flag."
    },
    {
      "lang": "es",
      "value": "El virDomainGetXMLDesc API en Libvirt en versiones anteriores a 1.2.11 permite a usuarios remotos de solo lectura obtener la contrase\u00f1a VNC utilizando el marcador VIR_DOMAIN_XML_MIGRATABLE, lo que desencadena el uso del marcador VIR_DOMAIN_XML_SECURE."
    }
  ],
  "id": "CVE-2014-7823",
  "lastModified": "2024-11-21T02:18:04.920",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-11-13T21:32:04.547",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00083.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/60010"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/60895"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/62058"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/62303"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://security.libvirt.org/2014/0007.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2404-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00083.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/60010"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/60895"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/62058"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/62303"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://security.libvirt.org/2014/0007.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2404-1"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-255"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-04-28 20:15
Modified
2024-11-21 04:59
Summary
An issue was discovered in qemuDomainGetStatsIOThread in qemu/qemu_driver.c in libvirt 4.10.0 through 6.x before 6.1.0. A memory leak was found in the virDomainListGetStats libvirt API that is responsible for retrieving domain statistics when managing QEMU guests. This flaw allows unprivileged users with a read-only connection to cause a memory leak in the domstats command, resulting in a potential denial of service.
References
cve@mitre.org | https://bugzilla.redhat.com/show_bug.cgi?id=1804548 | Issue Tracking, Permissions Required, Vendor Advisory
cve@mitre.org | https://bugzilla.redhat.com/show_bug.cgi?id=1828190 | Issue Tracking, Patch, Vendor Advisory
cve@mitre.org | https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=9bf9e0ae6af38c806f4672ca7b12a6b38d5a9581
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html
cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D5GE6ISYUL3CIWO3FQRUGMKTKP2NYED2/
cve@mitre.org | https://security.netapp.com/advisory/ntap-20200518-0003/
cve@mitre.org | https://usn.ubuntu.com/4371-1/
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1804548 | Issue Tracking, Permissions Required, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1828190 | Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=9bf9e0ae6af38c806f4672ca7b12a6b38d5a9581
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D5GE6ISYUL3CIWO3FQRUGMKTKP2NYED2/
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20200518-0003/
af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/4371-1/
Impacted products
Vendor Product Version
redhat libvirt *
redhat enterprise_linux 8.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE2397C4-5951-4A0D-B72A-9EAF42E48EC0",
              "versionEndExcluding": "6.1.0",
              "versionStartIncluding": "4.10.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:advanced_virtualization:*:*:*",
              "matchCriteriaId": "3AA08768-75AF-4791-B229-AE938C780959",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in qemuDomainGetStatsIOThread in qemu/qemu_driver.c in libvirt 4.10.0 through 6.x before 6.1.0. A memory leak was found in the virDomainListGetStats libvirt API that is responsible for retrieving domain statistics when managing QEMU guests. This flaw allows unprivileged users with a read-only connection to cause a memory leak in the domstats command, resulting in a potential denial of service."
    },
    {
      "lang": "es",
      "value": "Se descubri\u00f3 un problema en la funci\u00f3n qemuDomainGetStatsIOThread en el archivo qemu/qemu_driver.c en libvirt versiones 4.10.0 hasta 6.x anteriores a 6.1.0. Se encontr\u00f3 una p\u00e9rdida de memoria en la API virDomainListGetStats de libvirt que es responsable de recuperar las estad\u00edsticas del dominio al administrar invitados de QEMU. Este fallo permite a los usuarios no privilegiados con una conexi\u00f3n de solo lectura causar una p\u00e9rdida de memoria en el comando domstats, resultando en una posible denegaci\u00f3n de servicio."
    }
  ],
  "id": "CVE-2020-12430",
  "lastModified": "2024-11-21T04:59:42.750",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-04-28T20:15:12.717",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Permissions Required",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1804548"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828190"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=9bf9e0ae6af38c806f4672ca7b12a6b38d5a9581"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D5GE6ISYUL3CIWO3FQRUGMKTKP2NYED2/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.netapp.com/advisory/ntap-20200518-0003/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://usn.ubuntu.com/4371-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Permissions Required",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1804548"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828190"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=9bf9e0ae6af38c806f4672ca7b12a6b38d5a9581"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D5GE6ISYUL3CIWO3FQRUGMKTKP2NYED2/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.netapp.com/advisory/ntap-20200518-0003/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://usn.ubuntu.com/4371-1/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-401"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-09-30 21:55
Modified
2024-11-21 01:55
Severity ?
Summary
The xenDaemonListDefinedDomains function in xen/xend_internal.c in libvirt 1.1.1 allows remote authenticated users to cause a denial of service (memory corruption and crash) via vectors involving the virConnectListDefinedDomains API function.
Impacted products
Vendor Product Version
redhat libvirt 1.1.1



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB4B1021-4D01-4D86-AED4-0418F8839FD6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The xenDaemonListDefinedDomains function in xen/xend_internal.c in libvirt 1.1.1 allows remote authenticated users to cause a denial of service (memory corruption and crash) via vectors involving the virConnectListDefinedDomains API function."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n xenDaemonListDefinedDomains en xen/xend_internal.c en libvirt 1.1.1 permite a usuarios autenticados remotamente causar denegaci\u00f3n de servicio (corrupci\u00f3n de memoria y ca\u00edda) a trav\u00e9s de vectores que involucran la funci\u00f3n virConnectListDefinedDomains API."
    }
  ],
  "id": "CVE-2013-4239",
  "lastModified": "2024-11-21T01:55:11.630",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-09-30T21:55:09.287",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commitdiff%3Bh=0e671a16"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://libvirt.org/news.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2013/08/12/12"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=996241"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commitdiff%3Bh=0e671a16"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://libvirt.org/news.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2013/08/12/12"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=996241"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-04-04 16:29
Modified
2024-11-21 04:42
Summary
An incorrect permissions check was discovered in libvirt 4.8.0 and above. The readonly permission was allowed to invoke APIs depending on the guest agent, which could lead to potentially disclosing unintended information or denial of service by causing libvirt to block. (The NVD configuration for this record bounds the affected libvirt range at 4.8.0 up to, but not including, 5.3.0.)
References
secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00105.html | Mailing List, Third Party Advisory
secalert@redhat.com | http://www.securityfocus.com/bid/107777 | Third Party Advisory, VDB Entry
secalert@redhat.com | https://access.redhat.com/errata/RHBA-2019:3723 | Third Party Advisory
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3886 | Exploit, Issue Tracking, Patch, Third Party Advisory
secalert@redhat.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CYMNKXAUBZCFBBPFH64FJPH5EJH4GSU2/
secalert@redhat.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R5DHYIFECZ7BMVXK4EP4FDFZXK7I5MZH/
secalert@redhat.com | https://usn.ubuntu.com/4021-1/ | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00105.html | Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/107777 | Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHBA-2019:3723 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3886 | Exploit, Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CYMNKXAUBZCFBBPFH64FJPH5EJH4GSU2/
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R5DHYIFECZ7BMVXK4EP4FDFZXK7I5MZH/
af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/4021-1/ | Third Party Advisory
Impacted products
Vendor Product Version
redhat libvirt *
opensuse leap 42.3
fedoraproject fedora 29
fedoraproject fedora 30



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6E44C87-EA6E-4EA1-B908-8C13B298D6A2",
              "versionEndExcluding": "5.3.0",
              "versionStartIncluding": "4.8.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
              "matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
              "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An incorrect permissions check was discovered in libvirt 4.8.0 and above. The readonly permission was allowed to invoke APIs depending on the guest agent, which could lead to potentially disclosing unintended information or denial of service by causing libvirt to block."
    },
    {
      "lang": "es",
      "value": "Se ha descubierto una comprobaci\u00f3n de permisos incorrecta en versiones de libvirt 4.8.0 y superiores. Se ha permitido que el permiso de solo lectura invoque API dependiendo del agente invitado, lo que podr\u00eda conducir a una potencial divulgaci\u00f3n de informaci\u00f3n no intencionada o una denegaci\u00f3n de servicio (DoS) provocando un bloqueo de libvirt."
    }
  ],
  "id": "CVE-2019-3886",
  "lastModified": "2024-11-21T04:42:47.937",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.5,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.5,
        "source": "secalert@redhat.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.5,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-04-04T16:29:03.430",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00105.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/107777"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHBA-2019:3723"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3886"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CYMNKXAUBZCFBBPFH64FJPH5EJH4GSU2/"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R5DHYIFECZ7BMVXK4EP4FDFZXK7I5MZH/"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4021-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00105.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/107777"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHBA-2019:3723"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3886"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CYMNKXAUBZCFBBPFH64FJPH5EJH4GSU2/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R5DHYIFECZ7BMVXK4EP4FDFZXK7I5MZH/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4021-1/"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-862"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-862"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-09-30 21:55
Modified
2024-11-21 01:55
Severity ?
Summary
libvirt 1.1.0 and 1.1.1 allows local users to cause a denial of service (memory consumption) via a large number of domain migrate parameters in certain RPC calls in (1) daemon/remote.c and (2) remote/remote_driver.c.
Impacted products
Vendor Product Version
redhat libvirt 1.1.0
redhat libvirt 1.1.1



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "54FAE380-0E7E-4468-A07B-5A9A3504F681",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB4B1021-4D01-4D86-AED4-0418F8839FD6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "libvirt 1.1.0 and 1.1.1 allows local users to cause a denial of service (memory consumption) via a large number of domain migrate parameters in certain RPC calls in (1) daemon/remote.c and (2) remote/remote_driver.c."
    },
    {
      "lang": "es",
      "value": "libvirt 1.1.0 y 1.1.1 permite a usuarios locales provocar una denegaci\u00f3n de servicio (consumo de memoria) a trav\u00e9s de la migraci\u00f3n de par\u00e1metros en una gran cantidad de dominios en ciertas llamadas RPC en (1) daemon/remote.c y (2) remote/remote_driver.c."
    }
  ],
  "id": "CVE-2013-4292",
  "lastModified": "2024-11-21T01:55:17.590",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 2.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-09-30T21:55:09.380",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://libvirt.org/news.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/60895"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mail-archive.com/libvir-list%40redhat.com/msg83332.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://libvirt.org/news.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/60895"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mail-archive.com/libvir-list%40redhat.com/msg83332.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-08-02 13:15
Modified
2024-11-21 04:18
Summary
It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify managed save state files. If a managed save had already been created by a privileged user, a local attacker could modify this file such that libvirtd would execute an arbitrary program when the domain was resumed.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EBE53E7-FA47-4A57-B702-A09AAD367D41",
              "versionEndExcluding": "4.10.1",
              "versionStartIncluding": "4.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2004724A-67F7-45C3-8FEF-21F4DF5655B6",
              "versionEndExcluding": "5.4.1",
              "versionStartIncluding": "5.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:virtualization:4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C32B0A34-5B95-4B1F-8077-5C7768FDFB33",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify managed save state files. If a managed save had already been created by a privileged user, a local attacker could modify this file such that libvirtd would execute an arbitrary program when the domain was resumed."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 que libvirtd, versiones 4.x.x anteriores a 4.10.1 y versiones 5.x.x anteriores a 5.4.1, permitir\u00eda a los clientes de solo lectura utilizar la API de la funci\u00f3n virDomainManagedSaveDefineXML(), lo que les permitir\u00eda modificar archivos de estado managed save. Si un managed save ya ha sido creado por un usuario privilegiado, un atacante local podr\u00eda modificar este archivo de manera que libvirtd ejecutar\u00eda un programa arbitrario cuando el dominio est\u00e9 reanudado."
    }
  ],
  "id": "CVE-2019-10166",
  "lastModified": "2024-11-21T04:18:33.663",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.1,
        "impactScore": 6.0,
        "source": "secalert@redhat.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-08-02T13:15:12.107",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://access.redhat.com/libvirt-privesc-vulnerabilities"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10166"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202003-18"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://access.redhat.com/libvirt-privesc-vulnerabilities"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10166"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202003-18"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-10-03 21:55
Modified
2024-11-21 01:55
Severity ?
Summary
libvirt 1.0.5.x before 1.0.5.6, 0.10.2.x before 0.10.2.8, and 0.9.12.x before 0.9.12.2 allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition in pkcheck via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.
Impacted products
Vendor Product Version
redhat libvirt 0.9.12
redhat libvirt 0.10.2
redhat libvirt 0.10.2.1
redhat libvirt 0.10.2.2
redhat libvirt 0.10.2.3
redhat libvirt 0.10.2.4
redhat libvirt 0.10.2.5
redhat libvirt 0.10.2.6
redhat libvirt 0.10.2.7
redhat libvirt 1.0.5
redhat libvirt 1.0.5.1
redhat libvirt 1.0.5.2
redhat libvirt 1.0.5.3
redhat libvirt 1.0.5.4
redhat libvirt 1.0.5.5
canonical ubuntu_linux 10.04
canonical ubuntu_linux 12.04
canonical ubuntu_linux 12.10
canonical ubuntu_linux 13.04
redhat enterprise_linux 6.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "78C18997-7086-4BB0-8490-EDB5394951F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C433B92-DE77-4B44-BE9D-98449FC7BF1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "28132532-C0C7-4EAE-ADAE-3ADA58AE2EC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DA73633-136A-422F-AF77-2C29224C6981",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6310759E-ADFB-4DF4-8D10-4DDC42D29AE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E2B1536-6671-4508-BC7D-6F11408B3CF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA7D7BAB-A2EC-4DD9-A7B8-D5806CD5F306",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "94E85C10-0192-46B4-828D-52BAE6A6F69C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "52AF89AC-A906-479F-85AA-E9D47A83778F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "67B77F63-C9AC-42D4-B9E2-4BBE196AC254",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3256288E-5A49-4DCD-AE30-6B4E21AEF970",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "25E764AE-3B7C-4378-97C5-10E835511684",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "49FEFFA5-371E-4B1D-AAAE-C71AEB79A4AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F982F65C-CBF9-4EE6-8FD6-C965141E42C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4BF8152-79A4-48C6-88EB-9D3FA7466844",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*",
              "matchCriteriaId": "7118F616-25CA-4E34-AA13-4D14BB62419F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*",
              "matchCriteriaId": "F5D324C4-97C7-49D3-A809-9EAD4B690C69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFAA48D9-BEB4-4E49-AD50-325C262D46D9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "libvirt 1.0.5.x before 1.0.5.6, 0.10.2.x before 0.10.2.8, and 0.9.12.x before 0.9.12.2 allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition in pkcheck via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288."
    },
    {
      "lang": "es",
      "value": "libvirt 1.0.5.x anterior a la versi\u00f3n 1.0.5.6, 0.10.2.x anterior a 0.10.2.8, y 0.9.12.x anterior a la versi\u00f3n 0.9.12.2 permite a usuarios locales evadir restricciones de acceso intencionadas mediante el aprovechamiento de una condici\u00f3n de carrera PolkitUnixProcess PolkitSubject en pkcheck a trav\u00e9s de un (1) proceso setuid o (2) proceso pkexec, un problema relacionado con CVE-2013-4288."
    }
  ],
  "id": "CVE-2013-4311",
  "lastModified": "2024-11-21T01:55:19.797",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-10-03T21:55:04.287",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00023.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00024.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1272.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1460.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://wiki.libvirt.org/page/Maintenance_Releases"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2013/09/18/6"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1954-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00023.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00024.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1272.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1460.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://wiki.libvirt.org/page/Maintenance_Releases"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2013/09/18/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1954-1"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-04-11 21:59
Modified
2024-11-21 02:32
Summary
Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storage_backend_fs.c in libvirt, when fine-grained Access Control Lists (ACL) are in effect, allows local users with storage_vol:create ACL but not domain:write permission to write to arbitrary files via a .. (dot dot) in a volume name.
Impacted products
Vendor Product Version
redhat libvirt -



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FED07429-2F89-4903-99EF-C153CD0FC59E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storage_backend_fs.c in libvirt, when fine-grained Access Control Lists (ACL) are in effect, allows local users with storage_vol:create ACL but not domain:write permission to write to arbitrary files via a .. (dot dot) in a volume name."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de salto de directorio en la funci\u00f3n virStorageBackendFileSystemVolCreate en storage/storage_backend_fs.c en libvirt, cuando Access Control Lists (ACL) detalladas est\u00e1n en vigor, permite a usuarios locales con permiso storage_vol:create ACL pero sin permiso domain:write escribir en archivos arbitrarios a trav\u00e9s de un .. (punto punto) en un nombre de volumen."
    }
  ],
  "id": "CVE-2015-5313",
  "lastModified": "2024-11-21T02:32:46.560",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 1.9,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 2.5,
          "baseSeverity": "LOW",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 1.0,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-04-11T21:59:04.100",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=034e47c338b13a95cf02106a3af912c1c5f818d7"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174404.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2016-2577.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://security.libvirt.org/2015/0004.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/90913"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://security.gentoo.org/glsa/201612-10"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.redhat.com/archives/libvir-list/2015-December/msg00473.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=034e47c338b13a95cf02106a3af912c1c5f818d7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174404.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2016-2577.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://security.libvirt.org/2015/0004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/90913"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/201612-10"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/libvir-list/2015-December/msg00473.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-05-24 12:15
Modified
2024-11-21 06:21
Summary
A flaw was found in libvirt in the virConnectListAllNodeDevices API in versions before 7.0.0. It only affects hosts with a PCI device and driver that supports mediated devices (e.g., GRID driver). This flaw could be used by an unprivileged client with a read-only connection to crash the libvirt daemon by executing the 'nodedev-list' virsh command. The highest threat from this vulnerability is to system availability.
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAD20715-430E-4168-820B-A23252A72B55",
              "versionEndExcluding": "7.0.0",
              "versionStartIncluding": "6.10.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7CF3019-975D-40BB-A8A4-894E62BD3797",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A flaw was found in libvirt in the virConnectListAllNodeDevices API in versions before 7.0.0. It only affects hosts with a PCI device and driver that supports mediated devices (e.g., GRID driver). This flaw could be used by an unprivileged client with a read-only connection to crash the libvirt daemon by executing the \u0027nodedev-list\u0027 virsh command. The highest threat from this vulnerability is to system availability."
    },
    {
      "lang": "es",
      "value": "Se encontr\u00f3 un fallo en libvirt en la API virConnectListAllNodeDevices en versiones anteriores a 7.0.0.\u0026#xa0;Solo afecta a los hosts con un dispositivo PCI y un controlador que admita dispositivos mediados (por ejemplo, el controlador GRID).\u0026#xa0;Este fallo podr\u00eda ser usado por un cliente no privilegiado con una conexi\u00f3n de solo lectura para bloquear el demonio libvirt al ejecutar el comando virsh \"nodedev-list\".\u0026#xa0;La mayor amenaza de esta vulnerabilidad es la disponibilidad del sistema"
    }
  ],
  "id": "CVE-2021-3559",
  "lastModified": "2024-11-21T06:21:50.863",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-05-24T12:15:07.677",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962306"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20210706-0006/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962306"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20210706-0006/"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-05-27 19:15
Modified
2024-11-21 04:55
Summary
A missing authorization flaw was found in the libvirt API responsible for changing the QEMU agent response timeout. This flaw allows read-only connections to adjust the time that libvirt waits for the QEMU guest agent to respond to agent commands. Depending on the timeout value that is set, this flaw can make guest agent commands fail because the agent cannot respond in time. Unprivileged users with a read-only connection could abuse this flaw to set the response timeout for all guest agent messages to zero, potentially leading to a denial of service. This flaw affects libvirt versions before 6.2.0.
Impacted products
Vendor Product Version
redhat libvirt *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5D605E3-0646-4A88-BF97-EA6FEBE03225",
              "versionEndExcluding": "6.2.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A missing authorization flaw was found in the libvirt API responsible for changing the QEMU agent response timeout. This flaw allows read-only connections to adjust the time that libvirt waits for the QEMU guest agent to respond to agent commands. Depending on the timeout value that is set, this flaw can make guest agent commands fail because the agent cannot respond in time. Unprivileged users with a read-only connection could abuse this flaw to set the response timeout for all guest agent messages to zero, potentially leading to a denial of service. This flaw affects libvirt versions before 6.2.0."
    },
    {
      "lang": "es",
      "value": "Se encontr\u00f3 un fallo de falta de autorizaci\u00f3n en la API libvirt responsable de cambiar el tiempo de espera de respuesta del agente QEMU.\u0026#xa0;Este fallo permite a unas conexiones de solo lectura ajustar el tiempo que libvirt espera a que el agente invitado de QEMU responder a los comandos del agente.\u0026#xa0;Dependiendo del valor de tiempo de espera que es ajustado, este fallo puede hacer a unos comandos del agente invitado cometer un fallo porque el agente no puede responder a tiempo.\u0026#xa0;Usuarios no privilegiados con una conexi\u00f3n de solo lectura podr\u00edan abusar de este fallo para ajustar el tiempo de espera de respuesta para todos los mensajes de agentes invitados en cero,potencialmente conllevando a una denegaci\u00f3n de servicio.\u0026#xa0;Este fallo afecta a versiones de libvirt anteriores a 6.2.0"
    }
  ],
  "id": "CVE-2020-10701",
  "lastModified": "2024-11-21T04:55:53.080",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-05-27T19:15:07.767",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1819163"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20210708-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1819163"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20210708-0001/"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-862"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-02-08 20:55
Modified
2024-11-21 01:46
Severity ?
Summary
Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering certain errors during an RPC connection, which causes a message to be freed without being removed from the message queue.
References
secalert@redhat.com | http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=46532e3e8ed5f5a736a02f67d6c805492f9ca720
secalert@redhat.com | http://libvirt.org/news.html | Release Notes, Vendor Advisory
secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098326.html | Third Party Advisory
secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098370.html | Third Party Advisory
secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098398.html | Third Party Advisory
secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00001.html | Mailing List, Third Party Advisory
secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00002.html | Mailing List, Third Party Advisory
secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00016.html | Mailing List, Third Party Advisory
secalert@redhat.com | http://osvdb.org/89644 | Broken Link
secalert@redhat.com | http://rhn.redhat.com/errata/RHSA-2013-0199.html | Third Party Advisory
secalert@redhat.com | http://secunia.com/advisories/52001 | Third Party Advisory
secalert@redhat.com | http://secunia.com/advisories/52003 | Third Party Advisory
secalert@redhat.com | http://wiki.libvirt.org/page/Maintenance_Releases | Release Notes, Vendor Advisory
secalert@redhat.com | http://www.securityfocus.com/bid/57578 | Third Party Advisory, VDB Entry
secalert@redhat.com | http://www.securitytracker.com/id/1028047 | Third Party Advisory, VDB Entry
secalert@redhat.com | http://www.ubuntu.com/usn/USN-1708-1 | Third Party Advisory
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=893450 | Issue Tracking, Patch, Third Party Advisory
secalert@redhat.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/81552 | Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 | http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=46532e3e8ed5f5a736a02f67d6c805492f9ca720
af854a3a-2127-422b-91ae-364da2661108 | http://libvirt.org/news.html | Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098326.html | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098370.html | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098398.html | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00001.html | Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00002.html | Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00016.html | Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/89644 | Broken Link
af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2013-0199.html | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/52001 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/52003 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://wiki.libvirt.org/page/Maintenance_Releases | Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/57578 | Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1028047 | Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-1708-1 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=893450 | Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/81552 | Third Party Advisory, VDB Entry



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A421F4DD-0E89-4A02-829D-5D30A1B3FBDC",
              "versionEndExcluding": "0.9.6.4",
              "versionStartIncluding": "0.9.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E51E774-E249-4315-A1B7-34AA7AEEFBE3",
              "versionEndExcluding": "0.9.11.9",
              "versionStartIncluding": "0.9.11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "39BC56B2-6B0B-4350-9BEE-A7FAB521F624",
              "versionEndExcluding": "0.10.2.3",
              "versionStartIncluding": "0.10.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3D62E82-8001-41CF-8455-3E1F1098B51C",
              "versionEndExcluding": "1.0.2",
              "versionStartIncluding": "1.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBB2C482-D2A4-48B3-ACE7-E1DFDCC409B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D806A17E-B8F9-466D-807D-3F1E77603DC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "00720D8C-3FF3-4B1C-B74B-91F01A544399",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:-:*:*",
              "matchCriteriaId": "88D6E858-FD8F-4C55-B7D5-CEEDA2BBA898",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "5AA37837-3083-4DC7-94F4-54FD5D7CB53C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*",
              "matchCriteriaId": "706C6399-CAD1-46E3-87A2-8DFE2CF497ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:17:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DA9D861-3EAF-42F5-B0B6-A4CD7BDD6188",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:*",
              "matchCriteriaId": "E14271AE-1309-48F3-B9C6-D7DEEC488279",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8382A145-CDD9-437E-9DE7-A349956778B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering certain errors during an RPC connection, which causes a message to be freed without being removed from the message queue."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de uso despu\u00e9s de liberaci\u00f3n en la funci\u00f3n virNetMessageFree en rpc/virnetserverclient.c en libvirt v1.0.x antes de v1.0.2, v0.10.2 antes de v0.10.2.3, v0.9.11 antes de v0.9.11.9 y v0.9.6 antes de v0.9.6.4 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) y posiblemente ejecutar c\u00f3digo arbitrario mediante la activaci\u00f3n de ciertos errores durante una conexi\u00f3n RPC, lo que hace que un mensaje sea liberado sin ser eliminado de la cola de mensajes."
    }
  ],
  "id": "CVE-2013-0170",
  "lastModified": "2024-11-21T01:46:59.357",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-02-08T20:55:01.297",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=46532e3e8ed5f5a736a02f67d6c805492f9ca720"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "http://libvirt.org/news.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098326.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098370.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098398.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00001.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00002.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00016.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://osvdb.org/89644"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0199.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/52001"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/52003"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "http://wiki.libvirt.org/page/Maintenance_Releases"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/57578"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1028047"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1708-1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=893450"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81552"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=46532e3e8ed5f5a736a02f67d6c805492f9ca720"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "http://libvirt.org/news.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098326.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098370.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098398.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00016.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://osvdb.org/89644"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0199.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/52001"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/52003"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "http://wiki.libvirt.org/page/Maintenance_Releases"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/57578"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1028047"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1708-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=893450"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81552"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-416"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-04-18 16:29
Modified
2024-11-21 02:44
Summary
libvirt-domain.c in libvirt before 1.3.1 supports virDomainGetTime API calls by guest agents with an RO connection, even though an RW connection was supposed to be required, a different vulnerability than CVE-2019-3886.
Impacted products
Vendor Product Version
redhat libvirt *
debian debian_linux 8.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7B4E452-4F38-41D5-9D7F-60A3B27A7A33",
              "versionEndExcluding": "1.3.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "libvirt-domain.c in libvirt before 1.3.1 supports virDomainGetTime API calls by guest agents with an RO connection, even though an RW connection was supposed to be required, a different vulnerability than CVE-2019-3886."
    },
    {
      "lang": "es",
      "value": "libvirt-domain.c en libvirt versiones anteriores a la 1.3.1 soporta las llamadas a la API virDomainGetTime por agentes invitados con una conexi\u00f3n RO, aunque se supon\u00eda que se requer\u00eda una conexi\u00f3n RW, es una vulnerabilidad diferente de CVE-2019-3886."
    }
  ],
  "id": "CVE-2016-10746",
  "lastModified": "2024-11-21T02:44:39.273",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-04-18T16:29:00.273",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/libvirt/libvirt/commit/506e9d6c2d4baaf580d489fff0690c0ff2ff588f"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/libvirt/libvirt/compare/11288f5...8fd6867"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00032.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/libvirt/libvirt/commit/506e9d6c2d4baaf580d489fff0690c0ff2ff588f"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/libvirt/libvirt/compare/11288f5...8fd6867"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00032.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-254"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2023-07-24 16:15
Modified
2024-11-21 08:17
Summary
A flaw was found in libvirt. The virStoragePoolObjListSearch function does not return a locked pool as expected, resulting in a race condition and denial of service when attempting to lock the same object from another thread. This issue could allow clients connecting to the read-only socket to crash the libvirt daemon.
Impacted products
Vendor Product Version
redhat libvirt -
redhat enterprise_linux 9.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FED07429-2F89-4903-99EF-C153CD0FC59E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A flaw was found in libvirt. The virStoragePoolObjListSearch function does not return a locked pool as expected, resulting in a race condition and denial of service when attempting to lock the same object from another thread. This issue could allow clients connecting to the read-only socket to crash the libvirt daemon."
    }
  ],
  "id": "CVE-2023-3750",
  "lastModified": "2024-11-21T08:17:58.707",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "secalert@redhat.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-07-24T16:15:13.267",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2023:6409"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://access.redhat.com/security/cve/CVE-2023-3750"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222210"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2023:6409"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://access.redhat.com/security/cve/CVE-2023-3750"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222210"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVK6JKP36CHE7YAFDJNPNLTW4OWJJ7TQ/"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-667"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-667"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-03-25 19:15
Modified
2024-11-21 06:37
Summary
A flaw was found in the libvirt libxl driver. A malicious guest could continuously reboot itself and cause libvirtd on the host to deadlock or crash, resulting in a denial of service condition.
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEBF2F3F-7EE0-4F7A-8D57-5097E633B205",
              "versionEndExcluding": "2.33.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7CF3019-975D-40BB-A8A4-894E62BD3797",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A flaw was found in the libvirt libxl driver. A malicious guest could continuously reboot itself and cause libvirtd on the host to deadlock or crash, resulting in a denial of service condition."
    },
    {
      "lang": "es",
      "value": "Se ha encontrado un fallo en el controlador libvirt libxl. Un hu\u00e9sped malicioso podr\u00eda reiniciarse continuamente y causar que libvirtd en el host se bloquee o se cierre inesperadamente, resultando en una condici\u00f3n de denegaci\u00f3n de servicio."
    }
  ],
  "id": "CVE-2021-4147",
  "lastModified": "2024-11-21T06:37:00.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 4.9,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.0,
        "impactScore": 4.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-03-25T19:15:09.643",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034195"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220513-0004/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034195"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220513-0004/"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-667"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-667"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-09-30 21:55
Modified
2024-11-21 01:55
Severity ?
Summary
The virFileNBDDeviceAssociate function in util/virfile.c in libvirt 1.1.2 and earlier allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via unspecified vectors.
Impacted products
Vendor Product Version
redhat libvirt *
redhat libvirt 0.0.1
redhat libvirt 0.0.2
redhat libvirt 0.0.3
redhat libvirt 0.0.4
redhat libvirt 0.0.5
redhat libvirt 0.0.6
redhat libvirt 0.1.0
redhat libvirt 0.1.1
redhat libvirt 0.1.3
redhat libvirt 0.1.4
redhat libvirt 0.1.5
redhat libvirt 0.1.6
redhat libvirt 0.1.7
redhat libvirt 0.1.8
redhat libvirt 0.1.9
redhat libvirt 0.2.0
redhat libvirt 0.2.1
redhat libvirt 0.2.2
redhat libvirt 0.2.3
redhat libvirt 0.3.0
redhat libvirt 0.3.1
redhat libvirt 0.3.2
redhat libvirt 0.3.3
redhat libvirt 0.4.0
redhat libvirt 0.4.1
redhat libvirt 0.4.2
redhat libvirt 0.4.3
redhat libvirt 0.4.4
redhat libvirt 0.4.5
redhat libvirt 0.4.6
redhat libvirt 0.5.0
redhat libvirt 0.5.1
redhat libvirt 0.6.0
redhat libvirt 0.6.1
redhat libvirt 0.6.2
redhat libvirt 0.6.3
redhat libvirt 0.6.4
redhat libvirt 0.6.5
redhat libvirt 0.7.0
redhat libvirt 0.7.1
redhat libvirt 0.7.2
redhat libvirt 0.7.3
redhat libvirt 0.7.4
redhat libvirt 0.7.5
redhat libvirt 0.7.6
redhat libvirt 0.7.7
redhat libvirt 0.8.0
redhat libvirt 0.8.1
redhat libvirt 0.8.2
redhat libvirt 0.8.3
redhat libvirt 0.8.4
redhat libvirt 0.8.5
redhat libvirt 0.8.6
redhat libvirt 0.8.7
redhat libvirt 0.8.8
redhat libvirt 0.9.0
redhat libvirt 0.9.1
redhat libvirt 0.9.2
redhat libvirt 0.9.3
redhat libvirt 0.9.4
redhat libvirt 0.9.5
redhat libvirt 0.9.6
redhat libvirt 0.9.6.1
redhat libvirt 0.9.6.2
redhat libvirt 0.9.6.3
redhat libvirt 0.9.7
redhat libvirt 0.9.8
redhat libvirt 0.9.9
redhat libvirt 0.9.10
redhat libvirt 0.9.11
redhat libvirt 0.9.11.1
redhat libvirt 0.9.11.2
redhat libvirt 0.9.11.3
redhat libvirt 0.9.11.4
redhat libvirt 0.9.11.5
redhat libvirt 0.9.11.6
redhat libvirt 0.9.11.7
redhat libvirt 0.9.11.8
redhat libvirt 0.9.12
redhat libvirt 0.9.13
redhat libvirt 0.10.0
redhat libvirt 0.10.1
redhat libvirt 0.10.2
redhat libvirt 0.10.2.1
redhat libvirt 0.10.2.2
redhat libvirt 1.0.0
redhat libvirt 1.0.1
redhat libvirt 1.0.2
redhat libvirt 1.0.3
redhat libvirt 1.0.4
redhat libvirt 1.0.5
redhat libvirt 1.0.6
redhat libvirt 1.1.0
redhat libvirt 1.1.1



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBE8EDAF-8A1C-4D86-A3C2-9A9F8CA99105",
              "versionEndIncluding": "1.1.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AFF5EF5-280A-499B-BD63-361EDC49A923",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2A0DD5B-AFDD-4DA4-B19C-2CA73FA9B477",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE616C79-74E0-4876-83D7-BE04CB954F92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "87FF4782-A017-4D6F-9588-BE0AD4AA04E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B7FDA56-4C79-4D79-9EDA-8A936C7D8DE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF62226E-E4FE-4AF5-86A2-344148158A22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C540F8A3-E12A-403B-81D2-CDB28DE03E47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0900588-EBF9-4459-B1D7-588B72E40689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE650A9D-D12D-43C5-B276-B3116CF096F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "359F1970-822B-4430-86EB-15091B2B4338",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D08DB661-40DF-4234-9F6B-2EE0746FAC8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E86D1293-6881-4F9D-B245-E16040921DF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "C49F1101-0845-478F-BEA1-67185A763D37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F1FDF3E-87F8-4CBF-99F8-DBB03C7D2318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA319732-E860-459E-9C20-ED31D90510DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "06B16020-5330-4F99-8DD3-8B4037E22CFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BCA6D83-281F-4B28-9CB2-253614017B5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEBBD0C7-F9D3-48D4-8D76-1FAFFB049300",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C97CB42C-C89F-4BE6-80AC-A020EBF369FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCC2F2D6-90E3-4306-A29A-0A507BDF889C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB533B81-AFF3-442E-A499-555F2181F64D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "53AD34A3-9097-4375-BB30-CAED13987396",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E37E3B-18A8-4D34-9400-2C18D0DBAAAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "36EAE07C-284D-4BEB-ABDF-28C157B3B90B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E28C5275-39D4-4C7C-A064-70161FE35802",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "643D7C4C-6BD9-49CE-A7FD-819300CA955C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "77476F3F-A914-4EC6-9488-189BD9E1AE6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B22C7B3D-169D-45CC-B1C1-9864991B3E05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D6D1F10-2908-42E0-8D8F-1FBBC804505D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC9ABBF2-B1AD-446A-A3D2-E103D1B411A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "450BD95B-5CE1-49E7-B6DB-6C14D9115CC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "508578FC-BDC7-4B44-9F98-BD6CD657F57B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD25F37B-C666-4EDB-AD77-CCE04A800348",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8903EA9-D354-4C9E-B308-653689534AFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F811BE37-6F53-4663-819F-E954787C345B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2886A659-24BD-483B-8FCD-5BC21573EE42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "65FD148D-0088-47D5-AAC1-E0E990F9D170",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "84613074-CFA0-4C0B-B896-0751F652EA71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BCCF73F-8542-4955-ACD6-44F199D49CB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "05C7EF0F-C069-424A-9B3F-D07C72450ADA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F25DF6A-34D5-4D5B-AFAF-7A21202460EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B67C29ED-2975-47F0-AE75-875A380ECC56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC90B806-1FB3-434E-A664-2842AD3BA9CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DCDC5B5-1DD4-4FF4-8AB4-D38F5418B873",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0054B43A-F844-47C8-B03A-01696117B7E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5C78A50-0F41-405C-9ABA-EE088D0ABE60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8322F4E2-0AD0-497B-871E-233C0E0F1490",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E41CEF32-4998-41D5-B971-12E7F4E39FB9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E43FD74C-5986-4E9E-9C4F-9891133084A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D504B27-7BD0-4CB1-B8CA-76B7C537A4C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBFD9B43-52BA-4FF9-84A1-369B1A96A166",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "10EE76EF-44D3-4645-B1E7-5BCFB4CB4204",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "934215BC-33D1-453F-B49B-23B52E580214",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F274792B-F190-4A23-A551-6B07EA4028B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9D67FBC-4009-4FC1-B0CF-AA3C1505C2F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2059834-5A26-4DB9-B400-DBBE15690AAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2F6277D-6732-44BA-91B4-D57877E011BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2553A171-A830-4540-8CC6-51275F72AAEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "61C2C484-7AAB-475C-A44E-6D9DCF597DD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "04A75CCF-28E1-44CC-962C-C56A4F64B370",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0E8A1AF-740A-454C-8019-B52654589603",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F040825C-C457-40A1-A04C-F362289E13F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E04748DC-4F9F-4BC2-A3D7-EAC3B73C5A8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5F45083-97C6-466F-9D67-057DDD08CFD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F906DC41-4724-4F81-9402-4EA3BC3F38A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "3327FB7D-92DB-479F-BF1C-2565C8F1B25C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "48F55C0A-3E6E-4E24-81D7-F023728E486A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACB7C00E-DF4E-40AF-A503-202A2FE03D5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AB4E8A8-2B6C-4287-937B-C67A97EAB67A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "53C3F149-D917-4BB6-B264-F316DD96D2B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "10857CB9-D8B1-4EB4-8D93-E0DCC05F0C35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "153AE3B9-F951-4AE5-9456-934E15445054",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.11.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEE87D15-DA60-4F89-BCFD-9CAB68111D70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.11.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BD8C1F3-5920-4684-BD05-6FA88EDAB64F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.11.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "60C81865-E1DB-40DA-9BB7-CE32C9EC4561",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.11.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1DC7BA8-ED6D-42C2-87EC-42F85CD276C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.11.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AD99520-DF9D-4012-ADDB-14468FDEFB6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.11.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "780A2EC8-5D4B-40B0-9A5A-EDC020554D47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "78C18997-7086-4BB0-8490-EDB5394951F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "37F280ED-37E3-4AB5-9BF1-AC935D904503",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AC1F6BC-AB75-45F7-B846-D8900A0C690A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "97F5B122-AE6D-479F-BC46-66E3F729A7D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C433B92-DE77-4B44-BE9D-98449FC7BF1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "28132532-C0C7-4EAE-ADAE-3ADA58AE2EC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DA73633-136A-422F-AF77-2C29224C6981",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E13A6AAE-BC1B-4CE1-B747-84F9C6B3FF73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DDA1805-ED8A-44AA-96FF-E676D278CCFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBD82EEA-279F-42CA-8F4C-A4D57EEBAB0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "320C2182-DBCF-4564-940A-D12673C73543",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB635DBE-29F1-4055-A064-42539FC811C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "67B77F63-C9AC-42D4-B9E2-4BBE196AC254",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E03AF346-6F4E-4BEA-B29E-9C9C04148843",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "54FAE380-0E7E-4468-A07B-5A9A3504F681",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB4B1021-4D01-4D86-AED4-0418F8839FD6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The virFileNBDDeviceAssociate function in util/virfile.c in libvirt 1.1.2 and earlier allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n virFileNBDDeviceAssociate en util/virfile.c en libvirt v1.1.2 y anteriores permite a usuarios autenticados remotamente provocar una denegaci\u00f3n de servicio (referencia a puntero no inicializado y ca\u00edda) a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2013-4297",
  "lastModified": "2024-11-21T01:55:18.143",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-09-30T21:55:09.457",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commitdiff%3Bh=2dba0323ff0cec31bdcea9dd3b2428af297401f2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/60895"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4297"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commitdiff%3Bh=2dba0323ff0cec31bdcea9dd3b2428af297401f2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/60895"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4297"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-01-25 16:29
Modified
2024-11-21 04:09
Summary
qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FED07429-2F89-4903-99EF-C153CD0FC59E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply."
    },
    {
      "lang": "es",
      "value": "qemu/qemu_monitor.c en libvirt permite que los atacantes provoquen una denegaci\u00f3n de servicio (consumo de memoria) mediante una respuesta QEMU grande."
    }
  ],
  "id": "CVE-2018-5748",
  "lastModified": "2024-11-21T04:09:18.573",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-01-25T16:29:00.400",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102825"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1396"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1929"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00018.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4137"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.redhat.com/archives/libvir-list/2018-January/msg00527.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102825"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1396"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1929"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00018.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4137"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.redhat.com/archives/libvir-list/2018-January/msg00527.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-05-22 18:29
Modified
2024-11-21 04:18
Summary
A vulnerability was found in libvirt >= 4.1.0 in the virtlockd-admin.socket and virtlogd-admin.socket systemd units. A missing SocketMode configuration parameter allows any user on the host to connect using virtlockd-admin-sock or virtlogd-admin-sock and perform administrative tasks against the virtlockd and virtlogd daemons.
References
secalert@redhat.com | https://access.redhat.com/errata/RHSA-2019:1264
secalert@redhat.com | https://access.redhat.com/errata/RHSA-2019:1268
secalert@redhat.com | https://access.redhat.com/errata/RHSA-2019:1455
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10132 | Issue Tracking, Patch, Third Party Advisory
secalert@redhat.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5RANC4LWZQRVJGJHVWCU6R4CCXQMDD4L/
secalert@redhat.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CYMNKXAUBZCFBBPFH64FJPH5EJH4GSU2/
secalert@redhat.com | https://security.libvirt.org/2019/0003.html | Vendor Advisory
secalert@redhat.com | https://usn.ubuntu.com/4021-1/
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:1264
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:1268
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:1455
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10132 | Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5RANC4LWZQRVJGJHVWCU6R4CCXQMDD4L/
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CYMNKXAUBZCFBBPFH64FJPH5EJH4GSU2/
af854a3a-2127-422b-91ae-364da2661108 | https://security.libvirt.org/2019/0003.html | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/4021-1/
Impacted products
Vendor Product Version
redhat libvirt *
fedoraproject fedora -



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF48B60B-606F-47E7-9469-464B3A10EFFE",
              "versionEndIncluding": "4.1.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3FEADDA-2AEE-4F65-9401-971B585664A8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability was found in libvirt \u003e= 4.1.0 in the virtlockd-admin.socket and virtlogd-admin.socket systemd units. A missing SocketMode configuration parameter allows any user on the host to connect using virtlockd-admin-sock or virtlogd-admin-sock and perform administrative tasks against the virtlockd and virtlogd daemons."
    },
    {
      "lang": "es",
      "value": "Se encontr\u00f3 una vulnerabilidad en libvirt \u003e = 4.1.0 en las unidades virtlockd-admin. Socket y virtlogd-admin. Socket systemd. Un par\u00e1metro de configuraci\u00f3n de SocketMode que falta permite a cualquier usuario del servidor conectarse mediante virtlockd-admin-sock o virtlogd-admin-Sock y realizar tareas administrativas contra los demonios virtlockd y virtlogd."
    }
  ],
  "id": "CVE-2019-10132",
  "lastModified": "2024-11-21T04:18:29.017",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.0,
        "impactScore": 6.0,
        "source": "secalert@redhat.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-05-22T18:29:00.427",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2019:1264"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2019:1268"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2019:1455"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10132"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5RANC4LWZQRVJGJHVWCU6R4CCXQMDD4L/"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CYMNKXAUBZCFBBPFH64FJPH5EJH4GSU2/"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://security.libvirt.org/2019/0003.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://usn.ubuntu.com/4021-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2019:1264"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2019:1268"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2019:1455"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10132"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5RANC4LWZQRVJGJHVWCU6R4CCXQMDD4L/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CYMNKXAUBZCFBBPFH64FJPH5EJH4GSU2/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://security.libvirt.org/2019/0003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://usn.ubuntu.com/4021-1/"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-732"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-12-19 15:59
Modified
2024-11-21 02:18
Severity ?
Summary
The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails, which allows local users to cause a denial of service via unspecified vectors.
References
secalert@redhat.com http://advisories.mageia.org/MGASA-2015-0002.html (Third Party Advisory)
secalert@redhat.com http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=2bdcd29c713dfedd813c89f56ae98f6f3898313d
secalert@redhat.com http://lists.opensuse.org/opensuse-updates/2015-01/msg00003.html (Third Party Advisory)
secalert@redhat.com http://lists.opensuse.org/opensuse-updates/2015-01/msg00005.html (Third Party Advisory)
secalert@redhat.com http://rhn.redhat.com/errata/RHSA-2015-0323.html (Third Party Advisory)
secalert@redhat.com http://secunia.com/advisories/61111
secalert@redhat.com http://www.mandriva.com/security/advisories?name=MDVSA-2015:023 (Broken Link)
secalert@redhat.com http://www.mandriva.com/security/advisories?name=MDVSA-2015:070 (Broken Link)
secalert@redhat.com http://www.ubuntu.com/usn/USN-2867-1 (Third Party Advisory)
af854a3a-2127-422b-91ae-364da2661108 http://advisories.mageia.org/MGASA-2015-0002.html (Third Party Advisory)
af854a3a-2127-422b-91ae-364da2661108 http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=2bdcd29c713dfedd813c89f56ae98f6f3898313d
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-updates/2015-01/msg00003.html (Third Party Advisory)
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-updates/2015-01/msg00005.html (Third Party Advisory)
af854a3a-2127-422b-91ae-364da2661108 http://rhn.redhat.com/errata/RHSA-2015-0323.html (Third Party Advisory)
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/61111
af854a3a-2127-422b-91ae-364da2661108 http://www.mandriva.com/security/advisories?name=MDVSA-2015:023 (Broken Link)
af854a3a-2127-422b-91ae-364da2661108 http://www.mandriva.com/security/advisories?name=MDVSA-2015:070 (Broken Link)
af854a3a-2127-422b-91ae-364da2661108 http://www.ubuntu.com/usn/USN-2867-1 (Third Party Advisory)



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:mageia:mageia:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F805A106-9A6F-48E7-8582-D3C5A26DFC11",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FED07429-2F89-4903-99EF-C153CD0FC59E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "F38D3B7E-8429-473F-BB31-FC3583EE5A5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C84489B-B08C-4854-8A12-D01B6E45CF79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails, which allow local users to cause a denial of service via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Las funciones (1) qemuDomainMigratePerform y (2) qemuDomainMigrateFinish2 en qemu/qemu_driver.c en libvirt no desbloquea el dominio cuando una comprobaci\u00f3n de ACL falla, lo que permite a usuarios locales provocar una denegaci\u00f3n de servicio a trav\u00e9s de vectores sin especificar."
    }
  ],
  "id": "CVE-2014-8136",
  "lastModified": "2024-11-21T02:18:38.067",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 2.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-12-19T15:59:10.377",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://advisories.mageia.org/MGASA-2015-0002.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=2bdcd29c713dfedd813c89f56ae98f6f3898313d"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00003.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00005.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0323.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/61111"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:023"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:070"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2867-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://advisories.mageia.org/MGASA-2015-0002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=2bdcd29c713dfedd813c89f56ae98f6f3898313d"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00005.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0323.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/61111"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:023"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:070"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2867-1"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-01-24 18:55
Modified
2024-11-21 02:04
Severity ?
Summary
Race condition in the virNetServerClientStartKeepAlive function in libvirt before 1.2.1 allows remote attackers to cause a denial of service (libvirtd crash) by closing a connection before a keepalive response is sent.
References
cve@mitre.org http://libvirt.org/news.html
cve@mitre.org http://lists.opensuse.org/opensuse-updates/2014-02/msg00060.html
cve@mitre.org http://lists.opensuse.org/opensuse-updates/2014-02/msg00062.html
cve@mitre.org http://rhn.redhat.com/errata/RHSA-2014-0103.html
cve@mitre.org http://secunia.com/advisories/56321
cve@mitre.org http://secunia.com/advisories/56446
cve@mitre.org http://secunia.com/advisories/60895
cve@mitre.org http://security.gentoo.org/glsa/glsa-201412-04.xml
cve@mitre.org http://www.debian.org/security/2014/dsa-2846
cve@mitre.org http://www.securitytracker.com/id/1029695
cve@mitre.org http://www.ubuntu.com/usn/USN-2093-1
cve@mitre.org https://bugzilla.redhat.com/show_bug.cgi?id=1047577 (Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108 http://libvirt.org/news.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-updates/2014-02/msg00060.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-updates/2014-02/msg00062.html
af854a3a-2127-422b-91ae-364da2661108 http://rhn.redhat.com/errata/RHSA-2014-0103.html
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/56321
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/56446
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/60895
af854a3a-2127-422b-91ae-364da2661108 http://security.gentoo.org/glsa/glsa-201412-04.xml
af854a3a-2127-422b-91ae-364da2661108 http://www.debian.org/security/2014/dsa-2846
af854a3a-2127-422b-91ae-364da2661108 http://www.securitytracker.com/id/1029695
af854a3a-2127-422b-91ae-364da2661108 http://www.ubuntu.com/usn/USN-2093-1
af854a3a-2127-422b-91ae-364da2661108 https://bugzilla.redhat.com/show_bug.cgi?id=1047577 (Vendor Advisory)
Impacted products
Vendor Product Version
redhat libvirt *
redhat libvirt 0.0.1
redhat libvirt 0.0.2
redhat libvirt 0.0.3
redhat libvirt 0.0.4
redhat libvirt 0.0.5
redhat libvirt 0.0.6
redhat libvirt 0.1.0
redhat libvirt 0.1.1
redhat libvirt 0.1.3
redhat libvirt 0.1.4
redhat libvirt 0.1.5
redhat libvirt 0.1.6
redhat libvirt 0.1.7
redhat libvirt 0.1.8
redhat libvirt 0.1.9
redhat libvirt 0.2.0
redhat libvirt 0.2.1
redhat libvirt 0.2.2
redhat libvirt 0.2.3
redhat libvirt 0.3.0
redhat libvirt 0.3.1
redhat libvirt 0.3.2
redhat libvirt 0.3.3
redhat libvirt 0.4.0
redhat libvirt 0.4.1
redhat libvirt 0.4.2
redhat libvirt 0.4.3
redhat libvirt 0.4.4
redhat libvirt 0.4.5
redhat libvirt 0.4.6
redhat libvirt 0.5.0
redhat libvirt 0.5.1
redhat libvirt 0.6.0
redhat libvirt 0.6.1
redhat libvirt 0.6.2
redhat libvirt 0.6.3
redhat libvirt 0.6.4
redhat libvirt 0.6.5
redhat libvirt 0.7.0
redhat libvirt 0.7.1
redhat libvirt 0.7.2
redhat libvirt 0.7.3
redhat libvirt 0.7.4
redhat libvirt 0.7.5
redhat libvirt 0.7.6
redhat libvirt 0.7.7
redhat libvirt 0.8.0
redhat libvirt 0.8.1
redhat libvirt 0.8.2
redhat libvirt 0.8.3
redhat libvirt 0.8.4
redhat libvirt 0.8.5
redhat libvirt 0.8.6
redhat libvirt 0.8.7
redhat libvirt 0.8.8
redhat libvirt 0.9.0
redhat libvirt 0.9.1
redhat libvirt 0.9.2
redhat libvirt 0.9.3
redhat libvirt 0.9.4
redhat libvirt 0.9.5
redhat libvirt 0.9.6
redhat libvirt 0.9.6.1
redhat libvirt 0.9.6.2
redhat libvirt 0.9.6.3
redhat libvirt 0.9.7
redhat libvirt 0.9.8
redhat libvirt 0.9.9
redhat libvirt 0.9.10
redhat libvirt 0.9.11
redhat libvirt 0.9.11.1
redhat libvirt 0.9.11.2
redhat libvirt 0.9.11.3
redhat libvirt 0.9.11.4
redhat libvirt 0.9.11.5
redhat libvirt 0.9.11.6
redhat libvirt 0.9.11.7
redhat libvirt 0.9.11.8
redhat libvirt 0.9.12
redhat libvirt 0.9.13
redhat libvirt 0.10.0
redhat libvirt 0.10.1
redhat libvirt 0.10.2
redhat libvirt 0.10.2.1
redhat libvirt 0.10.2.2
redhat libvirt 0.10.2.3
redhat libvirt 0.10.2.4
redhat libvirt 0.10.2.5
redhat libvirt 0.10.2.6
redhat libvirt 0.10.2.7
redhat libvirt 0.10.2.8
redhat libvirt 1.0.0
redhat libvirt 1.0.1
redhat libvirt 1.0.2
redhat libvirt 1.0.3
redhat libvirt 1.0.4
redhat libvirt 1.0.5
redhat libvirt 1.0.5.1
redhat libvirt 1.0.5.2
redhat libvirt 1.0.5.3
redhat libvirt 1.0.5.4
redhat libvirt 1.0.5.5
redhat libvirt 1.0.5.6
redhat libvirt 1.0.6
redhat libvirt 1.1.0
redhat libvirt 1.1.1
redhat libvirt 1.1.2
redhat libvirt 1.1.3
redhat libvirt 1.1.4



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DE91A69-56FF-49BC-B606-D12126200357",
              "versionEndIncluding": "1.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AFF5EF5-280A-499B-BD63-361EDC49A923",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2A0DD5B-AFDD-4DA4-B19C-2CA73FA9B477",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE616C79-74E0-4876-83D7-BE04CB954F92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "87FF4782-A017-4D6F-9588-BE0AD4AA04E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B7FDA56-4C79-4D79-9EDA-8A936C7D8DE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF62226E-E4FE-4AF5-86A2-344148158A22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C540F8A3-E12A-403B-81D2-CDB28DE03E47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0900588-EBF9-4459-B1D7-588B72E40689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE650A9D-D12D-43C5-B276-B3116CF096F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "359F1970-822B-4430-86EB-15091B2B4338",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D08DB661-40DF-4234-9F6B-2EE0746FAC8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E86D1293-6881-4F9D-B245-E16040921DF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "C49F1101-0845-478F-BEA1-67185A763D37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F1FDF3E-87F8-4CBF-99F8-DBB03C7D2318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA319732-E860-459E-9C20-ED31D90510DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "06B16020-5330-4F99-8DD3-8B4037E22CFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BCA6D83-281F-4B28-9CB2-253614017B5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEBBD0C7-F9D3-48D4-8D76-1FAFFB049300",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C97CB42C-C89F-4BE6-80AC-A020EBF369FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCC2F2D6-90E3-4306-A29A-0A507BDF889C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB533B81-AFF3-442E-A499-555F2181F64D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "53AD34A3-9097-4375-BB30-CAED13987396",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E37E3B-18A8-4D34-9400-2C18D0DBAAAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "36EAE07C-284D-4BEB-ABDF-28C157B3B90B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E28C5275-39D4-4C7C-A064-70161FE35802",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "643D7C4C-6BD9-49CE-A7FD-819300CA955C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "77476F3F-A914-4EC6-9488-189BD9E1AE6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B22C7B3D-169D-45CC-B1C1-9864991B3E05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D6D1F10-2908-42E0-8D8F-1FBBC804505D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC9ABBF2-B1AD-446A-A3D2-E103D1B411A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "450BD95B-5CE1-49E7-B6DB-6C14D9115CC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "508578FC-BDC7-4B44-9F98-BD6CD657F57B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD25F37B-C666-4EDB-AD77-CCE04A800348",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8903EA9-D354-4C9E-B308-653689534AFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F811BE37-6F53-4663-819F-E954787C345B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2886A659-24BD-483B-8FCD-5BC21573EE42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "65FD148D-0088-47D5-AAC1-E0E990F9D170",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "84613074-CFA0-4C0B-B896-0751F652EA71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BCCF73F-8542-4955-ACD6-44F199D49CB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "05C7EF0F-C069-424A-9B3F-D07C72450ADA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F25DF6A-34D5-4D5B-AFAF-7A21202460EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B67C29ED-2975-47F0-AE75-875A380ECC56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC90B806-1FB3-434E-A664-2842AD3BA9CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DCDC5B5-1DD4-4FF4-8AB4-D38F5418B873",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0054B43A-F844-47C8-B03A-01696117B7E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5C78A50-0F41-405C-9ABA-EE088D0ABE60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8322F4E2-0AD0-497B-871E-233C0E0F1490",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E41CEF32-4998-41D5-B971-12E7F4E39FB9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E43FD74C-5986-4E9E-9C4F-9891133084A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D504B27-7BD0-4CB1-B8CA-76B7C537A4C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBFD9B43-52BA-4FF9-84A1-369B1A96A166",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "10EE76EF-44D3-4645-B1E7-5BCFB4CB4204",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "934215BC-33D1-453F-B49B-23B52E580214",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F274792B-F190-4A23-A551-6B07EA4028B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9D67FBC-4009-4FC1-B0CF-AA3C1505C2F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2059834-5A26-4DB9-B400-DBBE15690AAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2F6277D-6732-44BA-91B4-D57877E011BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2553A171-A830-4540-8CC6-51275F72AAEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "61C2C484-7AAB-475C-A44E-6D9DCF597DD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "04A75CCF-28E1-44CC-962C-C56A4F64B370",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0E8A1AF-740A-454C-8019-B52654589603",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F040825C-C457-40A1-A04C-F362289E13F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E04748DC-4F9F-4BC2-A3D7-EAC3B73C5A8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5F45083-97C6-466F-9D67-057DDD08CFD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F906DC41-4724-4F81-9402-4EA3BC3F38A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "3327FB7D-92DB-479F-BF1C-2565C8F1B25C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "48F55C0A-3E6E-4E24-81D7-F023728E486A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACB7C00E-DF4E-40AF-A503-202A2FE03D5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AB4E8A8-2B6C-4287-937B-C67A97EAB67A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "53C3F149-D917-4BB6-B264-F316DD96D2B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "10857CB9-D8B1-4EB4-8D93-E0DCC05F0C35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "153AE3B9-F951-4AE5-9456-934E15445054",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.11.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEE87D15-DA60-4F89-BCFD-9CAB68111D70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.11.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BD8C1F3-5920-4684-BD05-6FA88EDAB64F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.11.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "60C81865-E1DB-40DA-9BB7-CE32C9EC4561",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.11.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1DC7BA8-ED6D-42C2-87EC-42F85CD276C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.11.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AD99520-DF9D-4012-ADDB-14468FDEFB6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.11.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "780A2EC8-5D4B-40B0-9A5A-EDC020554D47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "78C18997-7086-4BB0-8490-EDB5394951F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "37F280ED-37E3-4AB5-9BF1-AC935D904503",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AC1F6BC-AB75-45F7-B846-D8900A0C690A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "97F5B122-AE6D-479F-BC46-66E3F729A7D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C433B92-DE77-4B44-BE9D-98449FC7BF1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "28132532-C0C7-4EAE-ADAE-3ADA58AE2EC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DA73633-136A-422F-AF77-2C29224C6981",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6310759E-ADFB-4DF4-8D10-4DDC42D29AE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E2B1536-6671-4508-BC7D-6F11408B3CF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA7D7BAB-A2EC-4DD9-A7B8-D5806CD5F306",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "94E85C10-0192-46B4-828D-52BAE6A6F69C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "52AF89AC-A906-479F-85AA-E9D47A83778F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "D60D834F-926B-416B-AB66-FCD7981DDCF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E13A6AAE-BC1B-4CE1-B747-84F9C6B3FF73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DDA1805-ED8A-44AA-96FF-E676D278CCFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBD82EEA-279F-42CA-8F4C-A4D57EEBAB0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "320C2182-DBCF-4564-940A-D12673C73543",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB635DBE-29F1-4055-A064-42539FC811C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "67B77F63-C9AC-42D4-B9E2-4BBE196AC254",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3256288E-5A49-4DCD-AE30-6B4E21AEF970",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "25E764AE-3B7C-4378-97C5-10E835511684",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "49FEFFA5-371E-4B1D-AAAE-C71AEB79A4AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F982F65C-CBF9-4EE6-8FD6-C965141E42C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4BF8152-79A4-48C6-88EB-9D3FA7466844",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9E4DCDE-4D85-4339-99CB-70A464FA2EE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E03AF346-6F4E-4BEA-B29E-9C9C04148843",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "54FAE380-0E7E-4468-A07B-5A9A3504F681",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB4B1021-4D01-4D86-AED4-0418F8839FD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "380686BB-7212-4285-BA00-B8EEAC6E1CC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A331072-326A-4E72-84E2-E0424E6DDE30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB1666DD-AC49-477A-921C-8197F5EFECA6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Race condition in the virNetServerClientStartKeepAlive function in libvirt before 1.2.1 allows remote attackers to cause a denial of service (libvirtd crash) by closing a connection before a keepalive response is sent."
    },
    {
      "lang": "es",
      "value": "Condici\u00f3n de carrera en la funci\u00f3n virNetServerClientStartKeepAlive en libvirt anteriores a 1.2.1 permite a atacantes remotos causar denegaci\u00f3n de servicio (ca\u00edda de libvirtd) mediante el cierre de conexiones antes de que una respuesta keepalive sea enviada."
    }
  ],
  "id": "CVE-2014-1447",
  "lastModified": "2024-11-21T02:04:17.293",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 3.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.5,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-01-24T18:55:04.963",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://libvirt.org/news.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00060.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00062.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0103.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/56321"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/56446"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/60895"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2014/dsa-2846"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id/1029695"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/USN-2093-1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1047577"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://libvirt.org/news.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00060.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00062.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0103.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/56321"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/56446"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/60895"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2014/dsa-2846"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1029695"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2093-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1047577"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-362"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2011-08-10 20:55
Modified
2024-11-21 01:28
Severity ?
Summary
Integer overflow in libvirt before 0.9.3 allows remote authenticated users to cause a denial of service (libvirtd crash) and possibly execute arbitrary code via a crafted VirDomainGetVcpus RPC call that triggers memory corruption.
References
secalert@redhat.com: http://libvirt.org/news.html
secalert@redhat.com: http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062515.html
secalert@redhat.com: http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062855.html
secalert@redhat.com: http://secunia.com/advisories/45375 (Vendor Advisory)
secalert@redhat.com: http://secunia.com/advisories/45441 (Vendor Advisory)
secalert@redhat.com: http://secunia.com/advisories/45446 (Vendor Advisory)
secalert@redhat.com: http://www.debian.org/security/2011/dsa-2280
secalert@redhat.com: http://www.openwall.com/lists/oss-security/2011/06/28/9 (Patch)
secalert@redhat.com: http://www.redhat.com/support/errata/RHSA-2011-1019.html (Vendor Advisory)
secalert@redhat.com: http://www.redhat.com/support/errata/RHSA-2011-1197.html
secalert@redhat.com: http://www.securitytracker.com/id?1025822
secalert@redhat.com: http://www.ubuntu.com/usn/USN-1180-1
secalert@redhat.com: https://exchange.xforce.ibmcloud.com/vulnerabilities/68271
secalert@redhat.com: https://hermes.opensuse.org/messages/10027908
secalert@redhat.com: https://www.redhat.com/archives/libvir-list/2011-June/msg01278.html (Patch)
af854a3a-2127-422b-91ae-364da2661108: http://libvirt.org/news.html
af854a3a-2127-422b-91ae-364da2661108: http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062515.html
af854a3a-2127-422b-91ae-364da2661108: http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062855.html
af854a3a-2127-422b-91ae-364da2661108: http://secunia.com/advisories/45375 (Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108: http://secunia.com/advisories/45441 (Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108: http://secunia.com/advisories/45446 (Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108: http://www.debian.org/security/2011/dsa-2280
af854a3a-2127-422b-91ae-364da2661108: http://www.openwall.com/lists/oss-security/2011/06/28/9 (Patch)
af854a3a-2127-422b-91ae-364da2661108: http://www.redhat.com/support/errata/RHSA-2011-1019.html (Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108: http://www.redhat.com/support/errata/RHSA-2011-1197.html
af854a3a-2127-422b-91ae-364da2661108: http://www.securitytracker.com/id?1025822
af854a3a-2127-422b-91ae-364da2661108: http://www.ubuntu.com/usn/USN-1180-1
af854a3a-2127-422b-91ae-364da2661108: https://exchange.xforce.ibmcloud.com/vulnerabilities/68271
af854a3a-2127-422b-91ae-364da2661108: https://hermes.opensuse.org/messages/10027908
af854a3a-2127-422b-91ae-364da2661108: https://www.redhat.com/archives/libvir-list/2011-June/msg01278.html (Patch)



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEB82706-26C4-48C5-8918-EBFD96411440",
              "versionEndIncluding": "0.9.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AFF5EF5-280A-499B-BD63-361EDC49A923",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2A0DD5B-AFDD-4DA4-B19C-2CA73FA9B477",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE616C79-74E0-4876-83D7-BE04CB954F92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "87FF4782-A017-4D6F-9588-BE0AD4AA04E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B7FDA56-4C79-4D79-9EDA-8A936C7D8DE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF62226E-E4FE-4AF5-86A2-344148158A22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C540F8A3-E12A-403B-81D2-CDB28DE03E47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0900588-EBF9-4459-B1D7-588B72E40689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE650A9D-D12D-43C5-B276-B3116CF096F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "359F1970-822B-4430-86EB-15091B2B4338",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D08DB661-40DF-4234-9F6B-2EE0746FAC8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E86D1293-6881-4F9D-B245-E16040921DF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "C49F1101-0845-478F-BEA1-67185A763D37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F1FDF3E-87F8-4CBF-99F8-DBB03C7D2318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA319732-E860-459E-9C20-ED31D90510DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "06B16020-5330-4F99-8DD3-8B4037E22CFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BCA6D83-281F-4B28-9CB2-253614017B5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEBBD0C7-F9D3-48D4-8D76-1FAFFB049300",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C97CB42C-C89F-4BE6-80AC-A020EBF369FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCC2F2D6-90E3-4306-A29A-0A507BDF889C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB533B81-AFF3-442E-A499-555F2181F64D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "53AD34A3-9097-4375-BB30-CAED13987396",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E37E3B-18A8-4D34-9400-2C18D0DBAAAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "36EAE07C-284D-4BEB-ABDF-28C157B3B90B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E28C5275-39D4-4C7C-A064-70161FE35802",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "643D7C4C-6BD9-49CE-A7FD-819300CA955C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "77476F3F-A914-4EC6-9488-189BD9E1AE6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B22C7B3D-169D-45CC-B1C1-9864991B3E05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D6D1F10-2908-42E0-8D8F-1FBBC804505D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC9ABBF2-B1AD-446A-A3D2-E103D1B411A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "450BD95B-5CE1-49E7-B6DB-6C14D9115CC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "508578FC-BDC7-4B44-9F98-BD6CD657F57B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD25F37B-C666-4EDB-AD77-CCE04A800348",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8903EA9-D354-4C9E-B308-653689534AFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F811BE37-6F53-4663-819F-E954787C345B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2886A659-24BD-483B-8FCD-5BC21573EE42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "65FD148D-0088-47D5-AAC1-E0E990F9D170",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "84613074-CFA0-4C0B-B896-0751F652EA71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BCCF73F-8542-4955-ACD6-44F199D49CB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "05C7EF0F-C069-424A-9B3F-D07C72450ADA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F25DF6A-34D5-4D5B-AFAF-7A21202460EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B67C29ED-2975-47F0-AE75-875A380ECC56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC90B806-1FB3-434E-A664-2842AD3BA9CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DCDC5B5-1DD4-4FF4-8AB4-D38F5418B873",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0054B43A-F844-47C8-B03A-01696117B7E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5C78A50-0F41-405C-9ABA-EE088D0ABE60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8322F4E2-0AD0-497B-871E-233C0E0F1490",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E41CEF32-4998-41D5-B971-12E7F4E39FB9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E43FD74C-5986-4E9E-9C4F-9891133084A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D504B27-7BD0-4CB1-B8CA-76B7C537A4C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBFD9B43-52BA-4FF9-84A1-369B1A96A166",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "10EE76EF-44D3-4645-B1E7-5BCFB4CB4204",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "934215BC-33D1-453F-B49B-23B52E580214",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F274792B-F190-4A23-A551-6B07EA4028B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9D67FBC-4009-4FC1-B0CF-AA3C1505C2F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2059834-5A26-4DB9-B400-DBBE15690AAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2F6277D-6732-44BA-91B4-D57877E011BD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Integer overflow in libvirt before 0.9.3 allows remote authenticated users to cause a denial of service (libvirtd crash) and possibly execute arbitrary code via a crafted VirDomainGetVcpus RPC call that triggers memory corruption."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de entero en libvirt anterior a v0.9.3 permite a usuarios autenticados remotamente provocar una denegaci\u00f3n de servicio (ca\u00edda libvirtd) y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de una llamada manipulada VirDomainGetVcpus RPC que provoca corrupci\u00f3n de memoria."
    }
  ],
  "id": "CVE-2011-2511",
  "lastModified": "2024-11-21T01:28:26.073",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-08-10T20:55:01.547",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://libvirt.org/news.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062515.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062855.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/45375"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/45441"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/45446"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2011/dsa-2280"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2011/06/28/9"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2011-1019.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2011-1197.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id?1025822"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-1180-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68271"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://hermes.opensuse.org/messages/10027908"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://www.redhat.com/archives/libvir-list/2011-June/msg01278.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://libvirt.org/news.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062515.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062855.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/45375"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/45441"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/45446"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2011/dsa-2280"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2011/06/28/9"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2011-1019.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2011-1197.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1025822"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-1180-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68271"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://hermes.opensuse.org/messages/10027908"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://www.redhat.com/archives/libvir-list/2011-June/msg01278.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-189"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-08-02 13:15
Modified
2024-11-21 04:18
Summary
The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an "emulator" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EBE53E7-FA47-4A57-B702-A09AAD367D41",
              "versionEndExcluding": "4.10.1",
              "versionStartIncluding": "4.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2004724A-67F7-45C3-8FEF-21F4DF5655B6",
              "versionEndExcluding": "5.4.1",
              "versionStartIncluding": "5.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:virtualization:4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C32B0A34-5B95-4B1F-8077-5C7768FDFB33",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an \"emulator\" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain\u0027s capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges."
    },
    {
      "lang": "es",
      "value": "Las APIs libvirt de las funciones virConnectBaselineHypervisorCPU() y virConnectCompareHypervisorCPU(), versiones 4.x.x anteriores a 4.10.1 y versiones 5.x.x anteriores a 5.4.1, aceptan un argumento \"emulator\" para especificar el programa que proporciona emulaci\u00f3n para un dominio. Desde versi\u00f3n v1.2.19, libvirt ejecutar\u00e1 ese programa para examinar las capacidades del dominio. Los clientes de solo lectura podr\u00edan especificar una ruta de acceso arbitraria para este argumento, causando que libvirtd activara un ejecutable dise\u00f1ado con sus propios privilegios."
    }
  ],
  "id": "CVE-2019-10168",
  "lastModified": "2024-11-21T04:18:33.947",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.0,
        "impactScore": 6.0,
        "source": "secalert@redhat.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-08-02T13:15:12.247",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://access.redhat.com/libvirt-privesc-vulnerabilities"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10168"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202003-18"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://access.redhat.com/libvirt-privesc-vulnerabilities"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10168"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202003-18"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-250"
        },
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-05-07 10:55
Modified
2024-11-21 02:00
Severity: LOW (CVSS v2 base score 1.9, AV:L/AC:M/Au:N/C:N/I:N/A:P)
Summary
The qemuMigrationWaitForSpice function in qemu/qemu_migration.c in libvirt before 1.1.3 does not properly enter a monitor when performing seamless SPICE migration, which allows local users to cause a denial of service (NULL pointer dereference and libvirtd crash) by causing domblkstat to be called at the same time as the qemuMonitorGetSpiceMigrationStatus function.
Impacted products
Vendor Product Version
redhat libvirt * (versions up to and including 1.1.2)
redhat libvirt 1.0.0
redhat libvirt 1.0.1
redhat libvirt 1.0.2
redhat libvirt 1.0.3
redhat libvirt 1.0.4
redhat libvirt 1.0.5
redhat libvirt 1.0.5.1
redhat libvirt 1.0.5.2
redhat libvirt 1.0.5.3
redhat libvirt 1.0.5.4
redhat libvirt 1.0.5.5
redhat libvirt 1.0.5.6
redhat libvirt 1.0.6
redhat libvirt 1.1.0
redhat libvirt 1.1.1
opensuse opensuse 13.1



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBE8EDAF-8A1C-4D86-A3C2-9A9F8CA99105",
              "versionEndIncluding": "1.1.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E13A6AAE-BC1B-4CE1-B747-84F9C6B3FF73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DDA1805-ED8A-44AA-96FF-E676D278CCFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBD82EEA-279F-42CA-8F4C-A4D57EEBAB0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "320C2182-DBCF-4564-940A-D12673C73543",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB635DBE-29F1-4055-A064-42539FC811C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "67B77F63-C9AC-42D4-B9E2-4BBE196AC254",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3256288E-5A49-4DCD-AE30-6B4E21AEF970",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "25E764AE-3B7C-4378-97C5-10E835511684",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "49FEFFA5-371E-4B1D-AAAE-C71AEB79A4AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F982F65C-CBF9-4EE6-8FD6-C965141E42C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4BF8152-79A4-48C6-88EB-9D3FA7466844",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9E4DCDE-4D85-4339-99CB-70A464FA2EE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E03AF346-6F4E-4BEA-B29E-9C9C04148843",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "54FAE380-0E7E-4468-A07B-5A9A3504F681",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB4B1021-4D01-4D86-AED4-0418F8839FD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The qemuMigrationWaitForSpice function in qemu/qemu_migration.c in libvirt before 1.1.3 does not properly enter a monitor when performing seamless SPICE migration, which allows local users to cause a denial of service (NULL pointer dereference and libvirtd crash) by causing domblkstat to be called at the same time as the qemuMonitorGetSpiceMigrationStatus function."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n qemuMigrationWaitForSpice en qemu/qemu_migration.c en libvirt anterior a 1.1.3 no entra debidamente en un monitor cuando realiza migraci\u00f3n SPICE ininterrumpida, lo que permite a usuarios locales causar una denegaci\u00f3n de servicio (referencia a puntero nulo y ca\u00edda de libvirtd) al provocar que domblkstat sea llamado en el mismo momento que la funci\u00f3n qemuMonitorGetSpiceMigrationStatus."
    }
  ],
  "evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/476.html\"\u003eCWE-476: NULL Pointer Dereference\u003c/a\u003e",
  "id": "CVE-2013-7336",
  "lastModified": "2024-11-21T02:00:46.690",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 1.9,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-05-07T10:55:03.930",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=484cc321"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://libvirt.org/news.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00004.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/60895"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2014/03/18/1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2014/03/18/3"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1077620"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=484cc321"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://libvirt.org/news.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/60895"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2014/03/18/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2014/03/18/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1077620"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-08-02 13:15
Modified
2024-11-21 04:18
Summary
The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an "emulatorbin" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EBE53E7-FA47-4A57-B702-A09AAD367D41",
              "versionEndExcluding": "4.10.1",
              "versionStartIncluding": "4.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2004724A-67F7-45C3-8FEF-21F4DF5655B6",
              "versionEndExcluding": "5.4.1",
              "versionStartIncluding": "5.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:virtualization:4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C32B0A34-5B95-4B1F-8077-5C7768FDFB33",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an \"emulatorbin\" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain\u0027s capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges."
    },
    {
      "lang": "es",
      "value": "La API libvirt de la funci\u00f3n virConnectGetDomainCapabilities(), versiones 4.x.x anteriores a 4.10.1 y versiones 5.x.x anteriores a 5.4.1, acepta un argumento \"emulatorbin\" para especificar el programa que proporciona emulaci\u00f3n para un dominio. Desde versi\u00f3n v1.2.19, libvirt ejecutar\u00e1 ese programa para examinar las capacidades del dominio. Los clientes de solo lectura podr\u00edan especificar una ruta de acceso arbitraria para este argumento, causando que libvirtd activara un ejecutable dise\u00f1ado con sus propios privilegios."
    }
  ],
  "id": "CVE-2019-10167",
  "lastModified": "2024-11-21T04:18:33.810",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.0,
        "impactScore": 6.0,
        "source": "secalert@redhat.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-08-02T13:15:12.170",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://access.redhat.com/libvirt-privesc-vulnerabilities"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10167"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202003-18"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://access.redhat.com/libvirt-privesc-vulnerabilities"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10167"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202003-18"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-250"
        },
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        },
        {
          "lang": "en",
          "value": "CWE-862"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2023-05-15 22:15
Modified
2024-11-21 07:59
Summary
A vulnerability was found in libvirt. The flaw occurs when an SR-IOV PCI device's capabilities are queried repeatedly, which exposes a memory leak caused by a failure to free the virPCIVirtualFunction array within the parent struct's g_autoptr cleanup.
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:4.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9277EFDB-F870-4168-8429-3C6962B5FB06",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability was found in libvirt. This security flaw occurs due to repeatedly querying an SR-IOV PCI device\u0027s capabilities that exposes a memory leak caused by a failure to free the virPCIVirtualFunction array within the parent struct\u0027s g_autoptr cleanup."
    }
  ],
  "id": "CVE-2023-2700",
  "lastModified": "2024-11-21T07:59:06.807",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-05-15T22:15:12.207",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://access.redhat.com/security/cve/CVE-2023-2700"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2203653"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://gitlab.com/libvirt/libvirt/-/commit/6425a311b8ad19d6f9c0b315bf1d722551ea3585#874a1e768ade6ceb4538931cbc06248e73223306"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EVK6JKP36CHE7YAFDJNPNLTW4OWJJ7TQ/"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://security.netapp.com/advisory/ntap-20230706-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://access.redhat.com/security/cve/CVE-2023-2700"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2203653"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://gitlab.com/libvirt/libvirt/-/commit/6425a311b8ad19d6f9c0b315bf1d722551ea3585#874a1e768ade6ceb4538931cbc06248e73223306"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EVK6JKP36CHE7YAFDJNPNLTW4OWJJ7TQ/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.netapp.com/advisory/ntap-20230706-0001/"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-401"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-09-30 21:55
Modified
2024-11-21 01:51
Severity ?
Summary
The qemu driver (qemu/qemu_driver.c) in libvirt before 1.1.1 allows remote authenticated users to cause a denial of service (daemon crash) via unspecified vectors involving "multiple events registration."
Impacted products
Vendor Product Version
redhat libvirt *
redhat libvirt 0.0.1
redhat libvirt 0.0.2
redhat libvirt 0.0.3
redhat libvirt 0.0.4
redhat libvirt 0.0.5
redhat libvirt 0.0.6
redhat libvirt 0.1.0
redhat libvirt 0.1.1
redhat libvirt 0.1.3
redhat libvirt 0.1.4
redhat libvirt 0.1.5
redhat libvirt 0.1.6
redhat libvirt 0.1.7
redhat libvirt 0.1.8
redhat libvirt 0.1.9
redhat libvirt 0.2.0
redhat libvirt 0.2.1
redhat libvirt 0.2.2
redhat libvirt 0.2.3
redhat libvirt 0.3.0
redhat libvirt 0.3.1
redhat libvirt 0.3.2
redhat libvirt 0.3.3
redhat libvirt 0.4.0
redhat libvirt 0.4.1
redhat libvirt 0.4.2
redhat libvirt 0.4.3
redhat libvirt 0.4.4
redhat libvirt 0.4.5
redhat libvirt 0.4.6
redhat libvirt 0.5.0
redhat libvirt 0.5.1
redhat libvirt 0.6.0
redhat libvirt 0.6.1
redhat libvirt 0.6.2
redhat libvirt 0.6.3
redhat libvirt 0.6.4
redhat libvirt 0.6.5
redhat libvirt 0.7.0
redhat libvirt 0.7.1
redhat libvirt 0.7.2
redhat libvirt 0.7.3
redhat libvirt 0.7.4
redhat libvirt 0.7.5
redhat libvirt 0.7.6
redhat libvirt 0.7.7
redhat libvirt 0.8.0
redhat libvirt 0.8.1
redhat libvirt 0.8.2
redhat libvirt 0.8.3
redhat libvirt 0.8.4
redhat libvirt 0.8.5
redhat libvirt 0.8.6
redhat libvirt 0.8.7
redhat libvirt 0.8.8
redhat libvirt 0.9.0
redhat libvirt 0.9.1
redhat libvirt 0.9.2
redhat libvirt 0.9.3
redhat libvirt 0.9.4
redhat libvirt 0.9.5
redhat libvirt 0.9.6
redhat libvirt 0.9.6.1
redhat libvirt 0.9.6.2
redhat libvirt 0.9.6.3
redhat libvirt 0.9.7
redhat libvirt 0.9.8
redhat libvirt 0.9.9
redhat libvirt 0.9.10
redhat libvirt 0.9.11
redhat libvirt 0.9.11.1
redhat libvirt 0.9.11.2
redhat libvirt 0.9.11.3
redhat libvirt 0.9.11.4
redhat libvirt 0.9.11.5
redhat libvirt 0.9.11.6
redhat libvirt 0.9.11.7
redhat libvirt 0.9.11.8
redhat libvirt 0.9.12
redhat libvirt 0.9.13
redhat libvirt 0.10.0
redhat libvirt 0.10.1
redhat libvirt 0.10.2
redhat libvirt 0.10.2.1
redhat libvirt 0.10.2.2
redhat libvirt 1.0.0
redhat libvirt 1.0.1
redhat libvirt 1.0.2
redhat libvirt 1.0.3
redhat libvirt 1.0.4
redhat libvirt 1.0.5
redhat libvirt 1.0.6



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "20AEBAC3-B816-4148-8E3B-8425914923A0",
              "versionEndIncluding": "1.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AFF5EF5-280A-499B-BD63-361EDC49A923",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2A0DD5B-AFDD-4DA4-B19C-2CA73FA9B477",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE616C79-74E0-4876-83D7-BE04CB954F92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "87FF4782-A017-4D6F-9588-BE0AD4AA04E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B7FDA56-4C79-4D79-9EDA-8A936C7D8DE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF62226E-E4FE-4AF5-86A2-344148158A22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C540F8A3-E12A-403B-81D2-CDB28DE03E47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0900588-EBF9-4459-B1D7-588B72E40689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE650A9D-D12D-43C5-B276-B3116CF096F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "359F1970-822B-4430-86EB-15091B2B4338",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D08DB661-40DF-4234-9F6B-2EE0746FAC8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E86D1293-6881-4F9D-B245-E16040921DF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "C49F1101-0845-478F-BEA1-67185A763D37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F1FDF3E-87F8-4CBF-99F8-DBB03C7D2318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA319732-E860-459E-9C20-ED31D90510DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "06B16020-5330-4F99-8DD3-8B4037E22CFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BCA6D83-281F-4B28-9CB2-253614017B5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEBBD0C7-F9D3-48D4-8D76-1FAFFB049300",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C97CB42C-C89F-4BE6-80AC-A020EBF369FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCC2F2D6-90E3-4306-A29A-0A507BDF889C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB533B81-AFF3-442E-A499-555F2181F64D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "53AD34A3-9097-4375-BB30-CAED13987396",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E37E3B-18A8-4D34-9400-2C18D0DBAAAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "36EAE07C-284D-4BEB-ABDF-28C157B3B90B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E28C5275-39D4-4C7C-A064-70161FE35802",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "643D7C4C-6BD9-49CE-A7FD-819300CA955C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "77476F3F-A914-4EC6-9488-189BD9E1AE6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B22C7B3D-169D-45CC-B1C1-9864991B3E05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D6D1F10-2908-42E0-8D8F-1FBBC804505D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC9ABBF2-B1AD-446A-A3D2-E103D1B411A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "450BD95B-5CE1-49E7-B6DB-6C14D9115CC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "508578FC-BDC7-4B44-9F98-BD6CD657F57B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD25F37B-C666-4EDB-AD77-CCE04A800348",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8903EA9-D354-4C9E-B308-653689534AFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F811BE37-6F53-4663-819F-E954787C345B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2886A659-24BD-483B-8FCD-5BC21573EE42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "65FD148D-0088-47D5-AAC1-E0E990F9D170",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "84613074-CFA0-4C0B-B896-0751F652EA71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BCCF73F-8542-4955-ACD6-44F199D49CB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "05C7EF0F-C069-424A-9B3F-D07C72450ADA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F25DF6A-34D5-4D5B-AFAF-7A21202460EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B67C29ED-2975-47F0-AE75-875A380ECC56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC90B806-1FB3-434E-A664-2842AD3BA9CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DCDC5B5-1DD4-4FF4-8AB4-D38F5418B873",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0054B43A-F844-47C8-B03A-01696117B7E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5C78A50-0F41-405C-9ABA-EE088D0ABE60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8322F4E2-0AD0-497B-871E-233C0E0F1490",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E41CEF32-4998-41D5-B971-12E7F4E39FB9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E43FD74C-5986-4E9E-9C4F-9891133084A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D504B27-7BD0-4CB1-B8CA-76B7C537A4C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBFD9B43-52BA-4FF9-84A1-369B1A96A166",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "10EE76EF-44D3-4645-B1E7-5BCFB4CB4204",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "934215BC-33D1-453F-B49B-23B52E580214",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F274792B-F190-4A23-A551-6B07EA4028B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9D67FBC-4009-4FC1-B0CF-AA3C1505C2F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2059834-5A26-4DB9-B400-DBBE15690AAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2F6277D-6732-44BA-91B4-D57877E011BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2553A171-A830-4540-8CC6-51275F72AAEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "61C2C484-7AAB-475C-A44E-6D9DCF597DD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "04A75CCF-28E1-44CC-962C-C56A4F64B370",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0E8A1AF-740A-454C-8019-B52654589603",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F040825C-C457-40A1-A04C-F362289E13F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E04748DC-4F9F-4BC2-A3D7-EAC3B73C5A8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5F45083-97C6-466F-9D67-057DDD08CFD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F906DC41-4724-4F81-9402-4EA3BC3F38A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "3327FB7D-92DB-479F-BF1C-2565C8F1B25C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "48F55C0A-3E6E-4E24-81D7-F023728E486A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACB7C00E-DF4E-40AF-A503-202A2FE03D5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AB4E8A8-2B6C-4287-937B-C67A97EAB67A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "53C3F149-D917-4BB6-B264-F316DD96D2B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "10857CB9-D8B1-4EB4-8D93-E0DCC05F0C35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "153AE3B9-F951-4AE5-9456-934E15445054",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.11.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEE87D15-DA60-4F89-BCFD-9CAB68111D70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.11.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BD8C1F3-5920-4684-BD05-6FA88EDAB64F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.11.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "60C81865-E1DB-40DA-9BB7-CE32C9EC4561",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.11.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1DC7BA8-ED6D-42C2-87EC-42F85CD276C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.11.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AD99520-DF9D-4012-ADDB-14468FDEFB6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.11.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "780A2EC8-5D4B-40B0-9A5A-EDC020554D47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "78C18997-7086-4BB0-8490-EDB5394951F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "37F280ED-37E3-4AB5-9BF1-AC935D904503",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AC1F6BC-AB75-45F7-B846-D8900A0C690A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "97F5B122-AE6D-479F-BC46-66E3F729A7D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C433B92-DE77-4B44-BE9D-98449FC7BF1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "28132532-C0C7-4EAE-ADAE-3ADA58AE2EC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DA73633-136A-422F-AF77-2C29224C6981",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E13A6AAE-BC1B-4CE1-B747-84F9C6B3FF73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DDA1805-ED8A-44AA-96FF-E676D278CCFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBD82EEA-279F-42CA-8F4C-A4D57EEBAB0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "320C2182-DBCF-4564-940A-D12673C73543",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB635DBE-29F1-4055-A064-42539FC811C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "67B77F63-C9AC-42D4-B9E2-4BBE196AC254",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E03AF346-6F4E-4BEA-B29E-9C9C04148843",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The qemu driver (qemu/qemu_driver.c) in libvirt before 1.1.1 allows remote authenticated users to cause a denial of service (daemon crash) via unspecified vectors involving \"multiple events registration.\""
    },
    {
      "lang": "es",
      "value": "El controlador qemu (qemu/qemu_driver.c) en libvirt anteriores a 1.1.1 permite a usuarios autenticados remotos causar una denegaci\u00f3n de servicio (ca\u00edda del demonio) a trav\u00e9s de vectores no especificados que involucran \"multiple events registration\"."
    }
  ],
  "id": "CVE-2013-2230",
  "lastModified": "2024-11-21T01:51:17.513",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-09-30T21:55:09.037",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commitdiff%3Bh=f38c8185f97720ecae7ef2291fbaa5d6b0209e17"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://libvirt.org/news.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2013/07/10/5"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=981476"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commitdiff%3Bh=f38c8185f97720ecae7ef2291fbaa5d6b0209e17"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://libvirt.org/news.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2013/07/10/5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=981476"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-12-19 15:59
Modified
2024-11-21 02:18
Severity ?
Summary
The storageVolUpload function in storage/storage_driver.c in libvirt before 1.2.11 does not check a certain return value, which allows local users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted offset value in a "virsh vol-upload" command.
Impacted products
Vendor Product Version
redhat libvirt -



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FED07429-2F89-4903-99EF-C153CD0FC59E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The storageVolUpload function in storage/storage_driver.c in libvirt before 1.2.11 does not check a certain return value, which allows local users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted offset value in a \"virsh vol-upload\" command."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n storageVolUpload en el archivo storage/storage_driver.c en libvirt anterior a versi\u00f3n 1.2.11, no comprueba un determinado valor devuelto, lo que permite a los usuarios locales causar una denegaci\u00f3n de servicio (desreferencia del puntero NULL y bloqueo del demonio) por medio de un valor de desplazamiento dise\u00f1ado en un comando \"virsh vol-upload\"."
    }
  ],
  "evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/476.html\"\u003eCWE-476: NULL Pointer Dereference\u003c/a\u003e",
  "id": "CVE-2014-8135",
  "lastModified": "2024-11-21T02:18:37.960",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 2.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-12-19T15:59:09.173",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=87b9437f8951f9d24f9a85c6bbfff0e54df8c984"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00005.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/61111"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://security.libvirt.org/2014/0009.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1087104"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=87b9437f8951f9d24f9a85c6bbfff0e54df8c984"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00005.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/61111"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.libvirt.org/2014/0009.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1087104"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-03-28 18:29
Modified
2024-11-21 03:59
Summary
libvirt versions before 4.2.0-rc1 are vulnerable to resource exhaustion as a result of an incomplete fix for CVE-2018-5748, which affects the QEMU monitor; the issue can also be triggered via the QEMU guest agent.
Impacted products
Vendor Product Version
debian debian_linux 7.0
debian debian_linux 8.0
debian debian_linux 9.0
redhat libvirt *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF48B60B-606F-47E7-9469-464B3A10EFFE",
              "versionEndIncluding": "4.1.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "libvirt version before 4.2.0-rc1 is vulnerable to a resource exhaustion as a result of an incomplete fix for CVE-2018-5748 that affects QEMU monitor but now also triggered via QEMU guest agent."
    },
    {
      "lang": "es",
      "value": "libvirt, en versiones anteriores a la 4.2.0-rc1 es vulnerable a un agotamiento de recursos como resultado de una soluci\u00f3n incompleta para CVE-2018-5748 que afecta al monitor QEMU, pero que ahora tambi\u00e9n puede desencadenarse mediante el agente invitado de QEMU."
    }
  ],
  "id": "CVE-2018-1064",
  "lastModified": "2024-11-21T03:59:06.170",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-03-28T18:29:00.207",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2018:1396"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2018:1929"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550672"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=fbf31e1a4cd19d6f6e33e0937a009775cd7d9513"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00018.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://usn.ubuntu.com/3680-1/"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4137"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2018:1396"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2018:1929"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550672"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=fbf31e1a4cd19d6f6e33e0937a009775cd7d9513"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00018.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://usn.ubuntu.com/3680-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4137"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-10-06 14:15
Modified
2024-11-21 05:18
Summary
A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, clients connecting to the read-write socket with limited ACL permissions could use this flaw to crash the libvirt daemon, resulting in a denial of service, or potentially escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Impacted products
Vendor Product Version
redhat libvirt *
opensuse leap 15.1
opensuse leap 15.2



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "56B3552B-7C49-46EA-9B46-E85EF006CD97",
              "versionEndExcluding": "6.8.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, clients connecting to the read-write socket with limited ACL permissions could use this flaw to crash the libvirt daemon, resulting in a denial of service, or potentially escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
    },
    {
      "lang": "es",
      "value": "Se encontr\u00f3 que ocurr\u00eda un problema de doble liberaci\u00f3n de la memoria en la API de libvirt, en versiones anteriores a 6.8.0, responsable de pedir informaci\u00f3n sobre unas interfaces de red de un dominio QEMU en ejecuci\u00f3n. Este fallo afecta al controlador de control de acceso polkit. Espec\u00edficamente, unos clientes que se conectan al socket de lectura y escritura con permisos limitados de ACL podr\u00edan usar este fallo para bloquear el demonio libvirt, resultando en una denegaci\u00f3n de servicio o potencialmente escalar sus privilegios sobre el sistema. La mayor amenaza de esta vulnerabilidad es la confidencialidad e integridad de los datos, as\u00ed como la disponibilidad del sistema"
    }
  ],
  "id": "CVE-2020-25637",
  "lastModified": "2024-11-21T05:18:18.163",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-10-06T14:15:12.527",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00072.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00073.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1881037"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202210-06"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00072.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00073.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1881037"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202210-06"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-415"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-415"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2012-11-19 12:10
Modified
2024-11-21 01:42
Severity ?
Summary
The virNetServerProgramDispatchCall function in libvirt before 0.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and segmentation fault) via an RPC call with (1) an event as the RPC number or (2) an RPC number whose value is in a "gap" in the RPC dispatch table.
References
secalert@redhat.com http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=b7ff9e696063189a715802d081d55a398663c15a
secalert@redhat.com http://libvirt.org/git/?p=libvirt.git%3Ba=commitdiff%3Bh=f8fbeb50d52520a109d71c8566fed2ea600650ec
secalert@redhat.com http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089976.html
secalert@redhat.com http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090121.html
secalert@redhat.com http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00001.html
secalert@redhat.com http://rhn.redhat.com/errata/RHSA-2012-1359.html
secalert@redhat.com http://www.openwall.com/lists/oss-security/2012/09/13/14
secalert@redhat.com http://www.securityfocus.com/bid/55541
secalert@redhat.com http://www.securitytracker.com/id?1027649
secalert@redhat.com http://www.ubuntu.com/usn/USN-1708-1
secalert@redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=857133
secalert@redhat.com https://www.redhat.com/archives/libvir-list/2012-September/msg00843.html
af854a3a-2127-422b-91ae-364da2661108 http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=b7ff9e696063189a715802d081d55a398663c15a
af854a3a-2127-422b-91ae-364da2661108 http://libvirt.org/git/?p=libvirt.git%3Ba=commitdiff%3Bh=f8fbeb50d52520a109d71c8566fed2ea600650ec
af854a3a-2127-422b-91ae-364da2661108 http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089976.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090121.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00001.html
af854a3a-2127-422b-91ae-364da2661108 http://rhn.redhat.com/errata/RHSA-2012-1359.html
af854a3a-2127-422b-91ae-364da2661108 http://www.openwall.com/lists/oss-security/2012/09/13/14
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/55541
af854a3a-2127-422b-91ae-364da2661108 http://www.securitytracker.com/id?1027649
af854a3a-2127-422b-91ae-364da2661108 http://www.ubuntu.com/usn/USN-1708-1
af854a3a-2127-422b-91ae-364da2661108 https://bugzilla.redhat.com/show_bug.cgi?id=857133
af854a3a-2127-422b-91ae-364da2661108 https://www.redhat.com/archives/libvir-list/2012-September/msg00843.html
Impacted products
Vendor Product Version
redhat libvirt *
redhat libvirt 0.0.1
redhat libvirt 0.0.2
redhat libvirt 0.0.3
redhat libvirt 0.0.4
redhat libvirt 0.0.5
redhat libvirt 0.0.6
redhat libvirt 0.1.0
redhat libvirt 0.1.1
redhat libvirt 0.1.3
redhat libvirt 0.1.4
redhat libvirt 0.1.5
redhat libvirt 0.1.6
redhat libvirt 0.1.7
redhat libvirt 0.1.8
redhat libvirt 0.1.9
redhat libvirt 0.2.0
redhat libvirt 0.2.1
redhat libvirt 0.2.2
redhat libvirt 0.2.3
redhat libvirt 0.3.0
redhat libvirt 0.3.1
redhat libvirt 0.3.2
redhat libvirt 0.3.3
redhat libvirt 0.4.0
redhat libvirt 0.4.1
redhat libvirt 0.4.2
redhat libvirt 0.4.3
redhat libvirt 0.4.4
redhat libvirt 0.4.5
redhat libvirt 0.4.6
redhat libvirt 0.5.0
redhat libvirt 0.5.1
redhat libvirt 0.6.0
redhat libvirt 0.6.1
redhat libvirt 0.6.2
redhat libvirt 0.6.3
redhat libvirt 0.6.4
redhat libvirt 0.6.5
redhat libvirt 0.7.0
redhat libvirt 0.7.1
redhat libvirt 0.7.2
redhat libvirt 0.7.3
redhat libvirt 0.7.4
redhat libvirt 0.7.5
redhat libvirt 0.7.6
redhat libvirt 0.7.7
redhat libvirt 0.8.0
redhat libvirt 0.8.1
redhat libvirt 0.8.2
redhat libvirt 0.8.3
redhat libvirt 0.8.4
redhat libvirt 0.8.5
redhat libvirt 0.8.6
redhat libvirt 0.8.7
redhat libvirt 0.8.8
redhat libvirt 0.9.0
redhat libvirt 0.9.1
redhat libvirt 0.9.2
redhat libvirt 0.9.3
redhat libvirt 0.9.4
redhat libvirt 0.9.5
redhat libvirt 0.9.6
redhat libvirt 0.9.7
redhat libvirt 0.9.8
redhat libvirt 0.9.9
redhat libvirt 0.9.10
redhat libvirt 0.9.11
redhat libvirt 0.9.12
redhat libvirt 0.9.13
redhat libvirt 0.10.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B436D1F7-1C63-43A1-98E7-3E9D07E8EB4B",
              "versionEndIncluding": "0.10.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AFF5EF5-280A-499B-BD63-361EDC49A923",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2A0DD5B-AFDD-4DA4-B19C-2CA73FA9B477",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE616C79-74E0-4876-83D7-BE04CB954F92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "87FF4782-A017-4D6F-9588-BE0AD4AA04E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B7FDA56-4C79-4D79-9EDA-8A936C7D8DE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF62226E-E4FE-4AF5-86A2-344148158A22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C540F8A3-E12A-403B-81D2-CDB28DE03E47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0900588-EBF9-4459-B1D7-588B72E40689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE650A9D-D12D-43C5-B276-B3116CF096F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "359F1970-822B-4430-86EB-15091B2B4338",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D08DB661-40DF-4234-9F6B-2EE0746FAC8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E86D1293-6881-4F9D-B245-E16040921DF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "C49F1101-0845-478F-BEA1-67185A763D37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F1FDF3E-87F8-4CBF-99F8-DBB03C7D2318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA319732-E860-459E-9C20-ED31D90510DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "06B16020-5330-4F99-8DD3-8B4037E22CFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BCA6D83-281F-4B28-9CB2-253614017B5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEBBD0C7-F9D3-48D4-8D76-1FAFFB049300",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C97CB42C-C89F-4BE6-80AC-A020EBF369FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCC2F2D6-90E3-4306-A29A-0A507BDF889C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB533B81-AFF3-442E-A499-555F2181F64D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "53AD34A3-9097-4375-BB30-CAED13987396",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E37E3B-18A8-4D34-9400-2C18D0DBAAAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "36EAE07C-284D-4BEB-ABDF-28C157B3B90B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E28C5275-39D4-4C7C-A064-70161FE35802",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "643D7C4C-6BD9-49CE-A7FD-819300CA955C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "77476F3F-A914-4EC6-9488-189BD9E1AE6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B22C7B3D-169D-45CC-B1C1-9864991B3E05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D6D1F10-2908-42E0-8D8F-1FBBC804505D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC9ABBF2-B1AD-446A-A3D2-E103D1B411A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "450BD95B-5CE1-49E7-B6DB-6C14D9115CC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "508578FC-BDC7-4B44-9F98-BD6CD657F57B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD25F37B-C666-4EDB-AD77-CCE04A800348",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8903EA9-D354-4C9E-B308-653689534AFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F811BE37-6F53-4663-819F-E954787C345B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2886A659-24BD-483B-8FCD-5BC21573EE42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "65FD148D-0088-47D5-AAC1-E0E990F9D170",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "84613074-CFA0-4C0B-B896-0751F652EA71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BCCF73F-8542-4955-ACD6-44F199D49CB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "05C7EF0F-C069-424A-9B3F-D07C72450ADA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F25DF6A-34D5-4D5B-AFAF-7A21202460EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B67C29ED-2975-47F0-AE75-875A380ECC56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC90B806-1FB3-434E-A664-2842AD3BA9CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DCDC5B5-1DD4-4FF4-8AB4-D38F5418B873",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0054B43A-F844-47C8-B03A-01696117B7E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5C78A50-0F41-405C-9ABA-EE088D0ABE60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8322F4E2-0AD0-497B-871E-233C0E0F1490",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E41CEF32-4998-41D5-B971-12E7F4E39FB9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E43FD74C-5986-4E9E-9C4F-9891133084A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D504B27-7BD0-4CB1-B8CA-76B7C537A4C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBFD9B43-52BA-4FF9-84A1-369B1A96A166",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "10EE76EF-44D3-4645-B1E7-5BCFB4CB4204",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "934215BC-33D1-453F-B49B-23B52E580214",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F274792B-F190-4A23-A551-6B07EA4028B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9D67FBC-4009-4FC1-B0CF-AA3C1505C2F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2059834-5A26-4DB9-B400-DBBE15690AAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2F6277D-6732-44BA-91B4-D57877E011BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2553A171-A830-4540-8CC6-51275F72AAEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "61C2C484-7AAB-475C-A44E-6D9DCF597DD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "04A75CCF-28E1-44CC-962C-C56A4F64B370",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0E8A1AF-740A-454C-8019-B52654589603",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F040825C-C457-40A1-A04C-F362289E13F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "3327FB7D-92DB-479F-BF1C-2565C8F1B25C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "48F55C0A-3E6E-4E24-81D7-F023728E486A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACB7C00E-DF4E-40AF-A503-202A2FE03D5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AB4E8A8-2B6C-4287-937B-C67A97EAB67A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "53C3F149-D917-4BB6-B264-F316DD96D2B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "78C18997-7086-4BB0-8490-EDB5394951F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "37F280ED-37E3-4AB5-9BF1-AC935D904503",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AC1F6BC-AB75-45F7-B846-D8900A0C690A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The virNetServerProgramDispatchCall function in libvirt before 0.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and segmentation fault) via an RPC call with (1) an event as the RPC number or (2) an RPC number whose value is in a \"gap\" in the RPC dispatch table."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n virNetServerProgramDispatchCall en libvirt antes de v0.10.2 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (desreferencia de puntero NULL y fallo de segmentaci\u00f3n) a trav\u00e9s de una llamada RPC con (1) un evento como n\u00famero RPC o (2) un n\u00famero RPC cuyo valor est\u00e1 en un \"hueco\" de la tabla de despacho RPC."
    }
  ],
  "id": "CVE-2012-4423",
  "lastModified": "2024-11-21T01:42:51.457",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-11-19T12:10:52.040",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=b7ff9e696063189a715802d081d55a398663c15a"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commitdiff%3Bh=f8fbeb50d52520a109d71c8566fed2ea600650ec"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089976.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090121.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00001.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-1359.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2012/09/13/14"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/55541"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id?1027649"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-1708-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=857133"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.redhat.com/archives/libvir-list/2012-September/msg00843.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=b7ff9e696063189a715802d081d55a398663c15a"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commitdiff%3Bh=f8fbeb50d52520a109d71c8566fed2ea600650ec"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089976.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090121.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-1359.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2012/09/13/14"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/55541"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1027649"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-1708-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=857133"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/libvir-list/2012-September/msg00843.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-03-20 15:55
Modified
2024-11-21 01:50
Severity ?
Summary
libvirt 1.0.2 and earlier sets the group owner to kvm for device files, which allows local users to write to these files via unspecified vectors.
Impacted products
Vendor Product Version
redhat libvirt *
redhat libvirt 0.0.1
redhat libvirt 0.0.2
redhat libvirt 0.0.3
redhat libvirt 0.0.4
redhat libvirt 0.0.5
redhat libvirt 0.0.6
redhat libvirt 0.1.0
redhat libvirt 0.1.1
redhat libvirt 0.1.3
redhat libvirt 0.1.4
redhat libvirt 0.1.5
redhat libvirt 0.1.6
redhat libvirt 0.1.7
redhat libvirt 0.1.8
redhat libvirt 0.1.9
redhat libvirt 0.2.0
redhat libvirt 0.2.1
redhat libvirt 0.2.2
redhat libvirt 0.2.3
redhat libvirt 0.3.0
redhat libvirt 0.3.1
redhat libvirt 0.3.2
redhat libvirt 0.3.3
redhat libvirt 0.4.0
redhat libvirt 0.4.1
redhat libvirt 0.4.2
redhat libvirt 0.4.3
redhat libvirt 0.4.4
redhat libvirt 0.4.5
redhat libvirt 0.4.6
redhat libvirt 0.5.0
redhat libvirt 0.5.1
redhat libvirt 0.6.0
redhat libvirt 0.6.1
redhat libvirt 0.6.2
redhat libvirt 0.6.3
redhat libvirt 0.6.4
redhat libvirt 0.6.5
redhat libvirt 0.7.0
redhat libvirt 0.7.1
redhat libvirt 0.7.2
redhat libvirt 0.7.3
redhat libvirt 0.7.4
redhat libvirt 0.7.5
redhat libvirt 0.7.6
redhat libvirt 0.7.7
redhat libvirt 0.8.0
redhat libvirt 0.8.1
redhat libvirt 0.8.2
redhat libvirt 0.8.3
redhat libvirt 0.8.4
redhat libvirt 0.8.5
redhat libvirt 0.8.6
redhat libvirt 0.8.7
redhat libvirt 0.8.8
redhat libvirt 0.9.0
redhat libvirt 0.9.1
redhat libvirt 0.9.2
redhat libvirt 0.9.3
redhat libvirt 0.9.4
redhat libvirt 0.9.5
redhat libvirt 0.9.6
redhat libvirt 0.9.7
redhat libvirt 0.9.8
redhat libvirt 0.9.9
redhat libvirt 0.9.10
redhat libvirt 0.9.11
redhat libvirt 0.9.12
redhat libvirt 0.9.13
redhat libvirt 1.0.0
redhat libvirt 1.0.1



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAE537D6-11ED-4F11-AD3B-6EEF27F27712",
              "versionEndIncluding": "1.0.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AFF5EF5-280A-499B-BD63-361EDC49A923",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2A0DD5B-AFDD-4DA4-B19C-2CA73FA9B477",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE616C79-74E0-4876-83D7-BE04CB954F92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "87FF4782-A017-4D6F-9588-BE0AD4AA04E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B7FDA56-4C79-4D79-9EDA-8A936C7D8DE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF62226E-E4FE-4AF5-86A2-344148158A22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C540F8A3-E12A-403B-81D2-CDB28DE03E47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0900588-EBF9-4459-B1D7-588B72E40689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE650A9D-D12D-43C5-B276-B3116CF096F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "359F1970-822B-4430-86EB-15091B2B4338",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D08DB661-40DF-4234-9F6B-2EE0746FAC8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E86D1293-6881-4F9D-B245-E16040921DF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "C49F1101-0845-478F-BEA1-67185A763D37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F1FDF3E-87F8-4CBF-99F8-DBB03C7D2318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA319732-E860-459E-9C20-ED31D90510DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "06B16020-5330-4F99-8DD3-8B4037E22CFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BCA6D83-281F-4B28-9CB2-253614017B5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEBBD0C7-F9D3-48D4-8D76-1FAFFB049300",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C97CB42C-C89F-4BE6-80AC-A020EBF369FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCC2F2D6-90E3-4306-A29A-0A507BDF889C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB533B81-AFF3-442E-A499-555F2181F64D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "53AD34A3-9097-4375-BB30-CAED13987396",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E37E3B-18A8-4D34-9400-2C18D0DBAAAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "36EAE07C-284D-4BEB-ABDF-28C157B3B90B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E28C5275-39D4-4C7C-A064-70161FE35802",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "643D7C4C-6BD9-49CE-A7FD-819300CA955C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "77476F3F-A914-4EC6-9488-189BD9E1AE6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B22C7B3D-169D-45CC-B1C1-9864991B3E05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D6D1F10-2908-42E0-8D8F-1FBBC804505D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC9ABBF2-B1AD-446A-A3D2-E103D1B411A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "450BD95B-5CE1-49E7-B6DB-6C14D9115CC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "508578FC-BDC7-4B44-9F98-BD6CD657F57B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD25F37B-C666-4EDB-AD77-CCE04A800348",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8903EA9-D354-4C9E-B308-653689534AFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F811BE37-6F53-4663-819F-E954787C345B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2886A659-24BD-483B-8FCD-5BC21573EE42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "65FD148D-0088-47D5-AAC1-E0E990F9D170",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "84613074-CFA0-4C0B-B896-0751F652EA71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BCCF73F-8542-4955-ACD6-44F199D49CB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "05C7EF0F-C069-424A-9B3F-D07C72450ADA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F25DF6A-34D5-4D5B-AFAF-7A21202460EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B67C29ED-2975-47F0-AE75-875A380ECC56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC90B806-1FB3-434E-A664-2842AD3BA9CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DCDC5B5-1DD4-4FF4-8AB4-D38F5418B873",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0054B43A-F844-47C8-B03A-01696117B7E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5C78A50-0F41-405C-9ABA-EE088D0ABE60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8322F4E2-0AD0-497B-871E-233C0E0F1490",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E41CEF32-4998-41D5-B971-12E7F4E39FB9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E43FD74C-5986-4E9E-9C4F-9891133084A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D504B27-7BD0-4CB1-B8CA-76B7C537A4C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBFD9B43-52BA-4FF9-84A1-369B1A96A166",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "10EE76EF-44D3-4645-B1E7-5BCFB4CB4204",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "934215BC-33D1-453F-B49B-23B52E580214",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F274792B-F190-4A23-A551-6B07EA4028B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9D67FBC-4009-4FC1-B0CF-AA3C1505C2F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2059834-5A26-4DB9-B400-DBBE15690AAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2F6277D-6732-44BA-91B4-D57877E011BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2553A171-A830-4540-8CC6-51275F72AAEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "61C2C484-7AAB-475C-A44E-6D9DCF597DD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "04A75CCF-28E1-44CC-962C-C56A4F64B370",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0E8A1AF-740A-454C-8019-B52654589603",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F040825C-C457-40A1-A04C-F362289E13F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "3327FB7D-92DB-479F-BF1C-2565C8F1B25C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "48F55C0A-3E6E-4E24-81D7-F023728E486A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACB7C00E-DF4E-40AF-A503-202A2FE03D5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AB4E8A8-2B6C-4287-937B-C67A97EAB67A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "53C3F149-D917-4BB6-B264-F316DD96D2B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "78C18997-7086-4BB0-8490-EDB5394951F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "37F280ED-37E3-4AB5-9BF1-AC935D904503",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E13A6AAE-BC1B-4CE1-B747-84F9C6B3FF73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DDA1805-ED8A-44AA-96FF-E676D278CCFD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "libvirt 1.0.2 and earlier sets the group owner to kvm for device files, which allows local users to write to these files via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "libvirt v1.0.2 y anteriores establece kvm como grupo propietario de los archivos de dispositivo, lo que permite a usuarios locales escribir en estos archivos a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2013-1766",
  "lastModified": "2024-11-21T01:50:20.640",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 3.6,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-03-20T15:55:00.960",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/52628"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2013/dsa-2650"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/58178"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/52628"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2013/dsa-2650"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/58178"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-08-03 18:55
Modified
2024-11-21 02:11
Severity ?
Summary
libvirt 1.0.0 through 1.2.x before 1.2.5, when fine grained access control is enabled, allows local users to read arbitrary files via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virDomainDefineXML, (2) virNetworkCreateXML, (3) virNetworkDefineXML, (4) virStoragePoolCreateXML, (5) virStoragePoolDefineXML, (6) virStorageVolCreateXML, (7) virDomainCreateXML, (8) virNodeDeviceCreateXML, (9) virInterfaceDefineXML, (10) virStorageVolCreateXMLFrom, (11) virConnectDomainXMLFromNative, (12) virConnectDomainXMLToNative, (13) virSecretDefineXML, (14) virNWFilterDefineXML, (15) virDomainSnapshotCreateXML, (16) virDomainSaveImageDefineXML, (17) virDomainCreateXMLWithFiles, (18) virConnectCompareCPU, or (19) virConnectBaselineCPU API method, related to an XML External Entity (XXE) issue. NOTE: this issue was SPLIT from CVE-2014-0179 per ADT3 due to different affected versions of some vectors.
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:enterprise_virtualization:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "105130E9-D48E-4FB8-A715-E6438EC7E744",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFBF430B-0832-44B0-AA0E-BA9E467F7668",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E13A6AAE-BC1B-4CE1-B747-84F9C6B3FF73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DDA1805-ED8A-44AA-96FF-E676D278CCFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBD82EEA-279F-42CA-8F4C-A4D57EEBAB0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "320C2182-DBCF-4564-940A-D12673C73543",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB635DBE-29F1-4055-A064-42539FC811C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "67B77F63-C9AC-42D4-B9E2-4BBE196AC254",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3256288E-5A49-4DCD-AE30-6B4E21AEF970",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "25E764AE-3B7C-4378-97C5-10E835511684",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "49FEFFA5-371E-4B1D-AAAE-C71AEB79A4AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F982F65C-CBF9-4EE6-8FD6-C965141E42C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4BF8152-79A4-48C6-88EB-9D3FA7466844",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9E4DCDE-4D85-4339-99CB-70A464FA2EE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E03AF346-6F4E-4BEA-B29E-9C9C04148843",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "54FAE380-0E7E-4468-A07B-5A9A3504F681",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB4B1021-4D01-4D86-AED4-0418F8839FD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "380686BB-7212-4285-BA00-B8EEAC6E1CC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A331072-326A-4E72-84E2-E0424E6DDE30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB1666DD-AC49-477A-921C-8197F5EFECA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "527B9236-CA4E-42A8-8C7A-2FB92BE2B4B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA9572AC-1D6D-4AA1-AEF0-CB9143F38215",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D6B6D6F-6CD3-43C3-B1EC-18DEC89DFDA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF21D58D-6952-4C72-94C3-32421499AFCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "83403472-4883-4914-846A-3C3E912C5573",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "libvirt 1.0.0 through 1.2.x before 1.2.5, when fine grained access control is enabled, allows local users to read arbitrary files via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virDomainDefineXML, (2) virNetworkCreateXML, (3) virNetworkDefineXML, (4) virStoragePoolCreateXML, (5) virStoragePoolDefineXML, (6) virStorageVolCreateXML, (7) virDomainCreateXML, (8) virNodeDeviceCreateXML, (9) virInterfaceDefineXML, (10) virStorageVolCreateXMLFrom, (11) virConnectDomainXMLFromNative, (12) virConnectDomainXMLToNative, (13) virSecretDefineXML, (14) virNWFilterDefineXML, (15) virDomainSnapshotCreateXML, (16) virDomainSaveImageDefineXML, (17) virDomainCreateXMLWithFiles, (18) virConnectCompareCPU, or (19) virConnectBaselineCPU API method, related to an XML External Entity (XXE) issue.  NOTE: this issue was SPLIT from CVE-2014-0179 per ADT3 due to different affected versions of some vectors."
    },
    {
      "lang": "es",
      "value": "libvirt 1.0.0 hasta 1.2.x anterior a 1.2.5, cuando el control de acceso detallado est\u00e1 habilitado, permite a usuarios locales leer ficheros arbitrarios a trav\u00e9s de un documento XML manipulado que contiene una declaraci\u00f3n de entidad externa XML en conjunto con una referencia de entidad en el m\u00e9todo API (1) virDomainDefineXML, (2) virNetworkCreateXML, (3) virNetworkDefineXML, (4) virStoragePoolCreateXML, (5) virStoragePoolDefineXML, (6) virStorageVolCreateXML, (7) virDomainCreateXML, (8) virNodeDeviceCreateXML, (9) virInterfaceDefineXML, (10) virStorageVolCreateXMLFrom, (11) virConnectDomainXMLFromNative, (12) virConnectDomainXMLToNative, (13) virSecretDefineXML, (14) virNWFilterDefineXML, (15) virDomainSnapshotCreateXML, (16) virDomainSaveImageDefineXML, (17) virDomainCreateXMLWithFiles, (18) virConnectCompareCPU o (19) virConnectBaselineCPU, relacionado con un problema de entidad externa XML (XXE). NOTA: este problema ha sido dividido (SPLIT) del CVE-2014-0179 por ADT3 debido a las diferentes versiones afectadas de algunos vectores."
    }
  ],
  "id": "CVE-2014-5177",
  "lastModified": "2024-11-21T02:11:33.197",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 1.2,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:H/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 1.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-08-03T18:55:05.693",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://libvirt.org/news.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00048.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00052.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0560.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/60895"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://security.libvirt.org/2014/0003.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/USN-2366-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://libvirt.org/news.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00048.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00052.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0560.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/60895"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://security.libvirt.org/2014/0003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2366-1"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-03-02 23:15
Modified
2024-11-21 06:22
Summary
An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure. Clients connecting to the read-write socket with limited ACL permissions could use this flaw to acquire the lock and prevent other users from accessing storage pool/volume APIs, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability.
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C22B8D1C-DDB7-45C4-AF7D-C308743A4C7A",
              "versionEndIncluding": "7.5.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:advanced_virtualization:*:*:*",
              "matchCriteriaId": "3AA08768-75AF-4791-B229-AE938C780959",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7CF3019-975D-40BB-A8A4-894E62BD3797",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure. Clients connecting to the read-write socket with limited ACL permissions could use this flaw to acquire the lock and prevent other users from accessing storage pool/volume APIs, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability."
    },
    {
      "lang": "es",
      "value": "Se ha encontrado un problema de bloqueo inapropiado en la API virStoragePoolLookupByTargetPath de libvirt. Ocurre en la funci\u00f3n storagePoolLookupByTargetPath, donde un objeto virStoragePoolObj bloqueado no es liberado apropiadamente al fallar el permiso ACL. Los clientes que son conectados al socket de lectura-escritura con permisos ACL limitados podr\u00edan usar este fallo para adquirir el bloqueo e impedir que otros usuarios accedan a las APIs de pools/vol\u00famenes de almacenamiento, resultando en una condici\u00f3n de denegaci\u00f3n de servicio. La mayor amenaza de esta vulnerabilidad es la disponibilidad del sistema"
    }
  ],
  "id": "CVE-2021-3667",
  "lastModified": "2024-11-21T06:22:06.753",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-03-02T23:15:08.843",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1986094"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://gitlab.com/libvirt/libvirt/-/commit/447f69dec47e1b0bd15ecd7cd49a9fd3b050fb87"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=447f69dec47e1b0bd15ecd7cd49a9fd3b050fb87"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202210-06"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220331-0005/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1986094"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://gitlab.com/libvirt/libvirt/-/commit/447f69dec47e1b0bd15ecd7cd49a9fd3b050fb87"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=447f69dec47e1b0bd15ecd7cd49a9fd3b050fb87"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202210-06"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220331-0005/"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-667"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-667"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-09-30 21:55
Modified
2024-11-21 01:55
Severity ?
Summary
The remoteDispatchDomainMemoryStats function in daemon/remote.c in libvirt 0.9.1 through 0.10.1.x, 0.10.2.x before 0.10.2.8, 1.0.x before 1.0.5.6, and 1.1.x before 1.1.2 allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via a crafted RPC call.
References
secalert@redhat.com http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=e7f400a110e2e3673b96518170bfea0855dd82c0
secalert@redhat.com http://lists.opensuse.org/opensuse-updates/2013-10/msg00023.html
secalert@redhat.com http://lists.opensuse.org/opensuse-updates/2013-10/msg00024.html
secalert@redhat.com http://rhn.redhat.com/errata/RHSA-2013-1272.html Vendor Advisory
secalert@redhat.com http://rhn.redhat.com/errata/RHSA-2013-1460.html
secalert@redhat.com http://secunia.com/advisories/60895
secalert@redhat.com http://security.gentoo.org/glsa/glsa-201412-04.xml
secalert@redhat.com http://wiki.libvirt.org/page/Maintenance_Releases Patch
secalert@redhat.com http://www.debian.org/security/2013/dsa-2764
secalert@redhat.com http://www.ubuntu.com/usn/USN-1954-1 Vendor Advisory
secalert@redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=1006173 Patch
af854a3a-2127-422b-91ae-364da2661108 http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=e7f400a110e2e3673b96518170bfea0855dd82c0
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-updates/2013-10/msg00023.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-updates/2013-10/msg00024.html
af854a3a-2127-422b-91ae-364da2661108 http://rhn.redhat.com/errata/RHSA-2013-1272.html Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://rhn.redhat.com/errata/RHSA-2013-1460.html
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/60895
af854a3a-2127-422b-91ae-364da2661108 http://security.gentoo.org/glsa/glsa-201412-04.xml
af854a3a-2127-422b-91ae-364da2661108 http://wiki.libvirt.org/page/Maintenance_Releases Patch
af854a3a-2127-422b-91ae-364da2661108 http://www.debian.org/security/2013/dsa-2764
af854a3a-2127-422b-91ae-364da2661108 http://www.ubuntu.com/usn/USN-1954-1 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 https://bugzilla.redhat.com/show_bug.cgi?id=1006173 Patch
Impacted products
Vendor Product Version
redhat libvirt 0.9.1
redhat libvirt 0.9.2
redhat libvirt 0.9.3
redhat libvirt 0.9.4
redhat libvirt 0.9.5
redhat libvirt 0.9.6
redhat libvirt 0.9.7
redhat libvirt 0.9.8
redhat libvirt 0.9.9
redhat libvirt 0.9.10
redhat libvirt 0.9.11
redhat libvirt 0.9.12
redhat libvirt 0.9.13
redhat libvirt 0.10.0
redhat libvirt 0.10.1
redhat libvirt 0.10.2
redhat libvirt 0.10.2.1
redhat libvirt 0.10.2.2
redhat libvirt 0.10.2.3
redhat libvirt 0.10.2.4
redhat libvirt 0.10.2.5
redhat libvirt 0.10.2.6
redhat libvirt 0.10.2.7
redhat libvirt 1.0.5.1
redhat libvirt 1.0.5.2
redhat libvirt 1.0.5.3
redhat libvirt 1.0.5.4
redhat libvirt 1.0.5.5
redhat libvirt 1.1.0
redhat libvirt 1.1.1
canonical ubuntu_linux 10.04
canonical ubuntu_linux 12.04
canonical ubuntu_linux 12.10
canonical ubuntu_linux 13.04
redhat enterprise_linux 6.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2F6277D-6732-44BA-91B4-D57877E011BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2553A171-A830-4540-8CC6-51275F72AAEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "61C2C484-7AAB-475C-A44E-6D9DCF597DD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "04A75CCF-28E1-44CC-962C-C56A4F64B370",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0E8A1AF-740A-454C-8019-B52654589603",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F040825C-C457-40A1-A04C-F362289E13F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "3327FB7D-92DB-479F-BF1C-2565C8F1B25C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "48F55C0A-3E6E-4E24-81D7-F023728E486A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACB7C00E-DF4E-40AF-A503-202A2FE03D5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AB4E8A8-2B6C-4287-937B-C67A97EAB67A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "53C3F149-D917-4BB6-B264-F316DD96D2B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "78C18997-7086-4BB0-8490-EDB5394951F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "37F280ED-37E3-4AB5-9BF1-AC935D904503",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AC1F6BC-AB75-45F7-B846-D8900A0C690A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "97F5B122-AE6D-479F-BC46-66E3F729A7D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C433B92-DE77-4B44-BE9D-98449FC7BF1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "28132532-C0C7-4EAE-ADAE-3ADA58AE2EC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DA73633-136A-422F-AF77-2C29224C6981",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6310759E-ADFB-4DF4-8D10-4DDC42D29AE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E2B1536-6671-4508-BC7D-6F11408B3CF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA7D7BAB-A2EC-4DD9-A7B8-D5806CD5F306",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "94E85C10-0192-46B4-828D-52BAE6A6F69C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "52AF89AC-A906-479F-85AA-E9D47A83778F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3256288E-5A49-4DCD-AE30-6B4E21AEF970",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "25E764AE-3B7C-4378-97C5-10E835511684",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "49FEFFA5-371E-4B1D-AAAE-C71AEB79A4AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F982F65C-CBF9-4EE6-8FD6-C965141E42C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4BF8152-79A4-48C6-88EB-9D3FA7466844",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "54FAE380-0E7E-4468-A07B-5A9A3504F681",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB4B1021-4D01-4D86-AED4-0418F8839FD6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*",
              "matchCriteriaId": "7118F616-25CA-4E34-AA13-4D14BB62419F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*",
              "matchCriteriaId": "F5D324C4-97C7-49D3-A809-9EAD4B690C69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFAA48D9-BEB4-4E49-AD50-325C262D46D9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The remoteDispatchDomainMemoryStats function in daemon/remote.c in libvirt 0.9.1 through 0.10.1.x, 0.10.2.x before 0.10.2.8, 1.0.x before 1.0.5.6, and 1.1.x before 1.1.2 allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via a crafted RPC call."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n remoteDispatchDomainMemoryStats en daemon/remote.c de libvirt 0.9.1 hasta 0.10.1.x, 0.10.2.x anterior a 0.10.2.8, 1.0.x anterior a 1.0.5.6, y 1.1.x anterior a 1.1.2 permite a usuarios remotos autenticados causar una denegaci\u00f3n de servicio (desreferencia de puntero no inicializado y ca\u00edda del proceso) a trav\u00e9s de una llamada RPC manipulada."
    }
  ],
  "id": "CVE-2013-4296",
  "lastModified": "2024-11-21T01:55:18.013",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-09-30T21:55:09.427",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=e7f400a110e2e3673b96518170bfea0855dd82c0"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00023.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00024.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1272.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1460.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/60895"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://wiki.libvirt.org/page/Maintenance_Releases"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2013/dsa-2764"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1954-1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1006173"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=e7f400a110e2e3673b96518170bfea0855dd82c0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00023.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00024.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1272.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1460.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/60895"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://wiki.libvirt.org/page/Maintenance_Releases"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2013/dsa-2764"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1954-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1006173"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-07-30 23:15
Modified
2024-11-21 04:18
Summary
It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use this to probe the existence of arbitrary files, cause denial of service or cause libvirtd to execute arbitrary programs.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FC3BCDF-C976-4FC5-A438-C66F6A2C35F8",
              "versionEndExcluding": "4.10.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2004724A-67F7-45C3-8FEF-21F4DF5655B6",
              "versionEndExcluding": "5.4.1",
              "versionStartIncluding": "5.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BBD7A51-0590-4DDF-8249-5AFA8D645CB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB28F9AF-3D06-4532-B397-96D7E4792503",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use this to probe the existence of arbitrary files, cause denial of service or cause libvirtd to execute arbitrary programs."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 que libvirtd anterior a versiones 4.10.1 y 5.4.1, permitir\u00eda a clientes de solo lectura usar la API de la funci\u00f3n virDomainSaveImageGetXMLDesc(), especificando una ruta (path) arbitraria a la que se acceder\u00eda con los permisos del proceso libvirtd. Un atacante con acceso al socket libvirtd podr\u00eda usar esto para probar la existencia de archivos arbitrarios, causar una denegaci\u00f3n de servicio o causar que libvirtd ejecute programas arbitrarios."
    }
  ],
  "id": "CVE-2019-10161",
  "lastModified": "2024-11-21T04:18:32.930",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.0,
        "impactScore": 6.0,
        "source": "secalert@redhat.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-07-30T23:15:12.120",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/libvirt-privesc-vulnerabilities"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10161"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=aed6a032cead4386472afb24b16196579e239580"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202003-18"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4047-2/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/libvirt-privesc-vulnerabilities"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10161"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=aed6a032cead4386472afb24b16196579e239580"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202003-18"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4047-2/"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        },
        {
          "lang": "en",
          "value": "CWE-862"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-12-03 17:15
Modified
2024-11-21 05:03
Summary
A flaw was found in libvirt, where it leaked a file descriptor for `/dev/mapper/control` into the QEMU process. This file descriptor allows for privileged operations to happen against the device-mapper on the host. This flaw allows a malicious guest user or process to perform operations outside of their standard permissions, potentially causing serious damage to the host operating system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Impacted products
Vendor Product Version
redhat libvirt *
redhat enterprise_linux 8.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C37FC2C5-3E40-4531-AE8C-97EB33B624A2",
              "versionEndExcluding": "6.7.0",
              "versionStartIncluding": "6.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:advanced_virtualization:*:*:*",
              "matchCriteriaId": "3AA08768-75AF-4791-B229-AE938C780959",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A flaw was found in libvirt, where it leaked a file descriptor for `/dev/mapper/control` into the QEMU process. This file descriptor allows for privileged operations to happen against the device-mapper on the host. This flaw allows a malicious guest user or process to perform operations outside of their standard permissions, potentially causing serious damage to the host operating system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability."
    },
    {
      "lang": "es",
      "value": "Se encontr\u00f3 un fallo en libvirt, donde filtr\u00f3 un descriptor de archivo para \"/dev/mapper/control\" en el proceso QEMU. Este descriptor de archivo permite que operaciones privilegiadas sean realizadas contra el mapeador de dispositivos en el host. Este fallo permite a un usuario o proceso invitado malicioso llevar a cabo operaciones fuera de sus permisos est\u00e1ndar, lo que podr\u00eda causar da\u00f1os graves al sistema operativo del host. La mayor amenaza de esta vulnerabilidad es la confidencialidad, la integridad y la disponibilidad del sistema"
    }
  ],
  "id": "CVE-2020-14339",
  "lastModified": "2024-11-21T05:03:02.640",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.0,
        "impactScore": 6.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-12-03T17:15:12.207",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860069"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202101-22"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202210-06"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860069"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202101-22"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202210-06"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-772"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-772"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-09-30 21:55
Modified
2024-11-21 01:54
Severity ?
Summary
Double free vulnerability in the qemuAgentGetVCPUs function in qemu/qemu_agent.c in libvirt 1.0.6 through 1.1.0 allows remote attackers to cause a denial of service (daemon crash) via a cpu count request, as demonstrated by the "virsh vcpucount dom --guest" command.
Impacted products
Vendor Product Version
redhat libvirt 1.0.6
redhat libvirt 1.1.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E03AF346-6F4E-4BEA-B29E-9C9C04148843",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "54FAE380-0E7E-4468-A07B-5A9A3504F681",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Double free vulnerability in the qemuAgentGetVCPUs function in qemu/qemu_agent.c in libvirt 1.0.6 through 1.1.0 allows remote attackers to cause a denial of service (daemon crash) via a cpu count request, as demonstrated by the \"virsh vcpucount dom --guest\" command."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de doble liberaci\u00f3n en la funci\u00f3n qemuAgentGetVCPUs de qemu/qemu_agent.c en libvirt 1.0.6 hasta la versi\u00f3n 1.1.0 permite a atacantes remotos causar una denegaci\u00f3n de servicio (cuelgue del demonio) a trav\u00e9s de una solicitud de recuento de la CPU, como se demuestra con el comando \"virsh vcpucount dom --guest\"."
    }
  ],
  "id": "CVE-2013-4153",
  "lastModified": "2024-11-21T01:54:58.763",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-09-30T21:55:09.160",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commitdiff%3Bh=dfc692350a04a70b4ca65667c30869b3bfdaf034"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://libvirt.org/news.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://openwall.com/lists/oss-security/2013/07/19/11"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=984821"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=986383"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commitdiff%3Bh=dfc692350a04a70b4ca65667c30869b3bfdaf034"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://libvirt.org/news.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://openwall.com/lists/oss-security/2013/07/19/11"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=984821"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=986383"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2011-08-10 20:55
Modified
2024-11-21 01:27
Severity ?
Summary
The virSecurityManagerGetPrivateData function in security/security_manager.c in libvirt 0.8.8 through 0.9.1 uses the wrong argument for a sizeof call, which causes incorrect processing of "security manager private data" that "reopens disk probing" and might allow guest OS users to read arbitrary files on the host OS. NOTE: this vulnerability exists because of a CVE-2010-2238 regression.
Impacted products
Vendor Product Version
redhat libvirt 0.8.8
redhat libvirt 0.9.0
redhat libvirt 0.9.1



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9D67FBC-4009-4FC1-B0CF-AA3C1505C2F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2059834-5A26-4DB9-B400-DBBE15690AAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2F6277D-6732-44BA-91B4-D57877E011BD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The virSecurityManagerGetPrivateData function in security/security_manager.c in libvirt 0.8.8 through 0.9.1 uses the wrong argument for a sizeof call, which causes incorrect processing of \"security manager private data\" that \"reopens disk probing\" and might allow guest OS users to read arbitrary files on the host OS.  NOTE: this vulnerability exists because of a CVE-2010-2238 regression."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n virSecurityManagerGetPrivateData de security/security_manager.c en libvirt 0.8.8 hasta la 0.9.1 utiliza un argumento err\u00f3neo para una llamada \"sizeof\", lo que provoca un procesado incorrecto de \"datos privados de gesti\u00f3n de la seguridad\" que reabre un an\u00e1lisis de disco y puede permitir a usuarios invitados del SO leer archivos arbitrarios en el SO anfitri\u00f3n.  NOTA: esta vulnerabilidad existe debido a una regresi\u00f3n de la CVE-2010-2238."
    }
  ],
  "id": "CVE-2011-2178",
  "lastModified": "2024-11-21T01:27:45.630",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.4,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:M/Au:S/C:C/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 2.7,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-08-10T20:55:01.390",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://libvirt.org/news.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062515.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2011-06/msg00030.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-2178.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-1152-1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=709769"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=709775"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://www.redhat.com/archives/libvir-list/2011-May/msg01935.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://libvirt.org/news.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062515.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2011-06/msg00030.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-2178.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-1152-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=709769"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=709775"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://www.redhat.com/archives/libvir-list/2011-May/msg01935.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-01-24 18:55
Modified
2024-11-21 01:59
Severity ?
Summary
The libxlDomainGetNumaParameters function in the libxl driver (libxl/libxl_driver.c) in libvirt before 1.2.1 does not properly initialize the nodemap, which allows local users to cause a denial of service (invalid free operation and crash) or possibly execute arbitrary code via an inactive domain to the virsh numatune command.
Impacted products
Vendor Product Version
redhat libvirt *
redhat libvirt 0.0.1
redhat libvirt 0.0.2
redhat libvirt 0.0.3
redhat libvirt 0.0.4
redhat libvirt 0.0.5
redhat libvirt 0.0.6
redhat libvirt 0.1.0
redhat libvirt 0.1.1
redhat libvirt 0.1.3
redhat libvirt 0.1.4
redhat libvirt 0.1.5
redhat libvirt 0.1.6
redhat libvirt 0.1.7
redhat libvirt 0.1.8
redhat libvirt 0.1.9
redhat libvirt 0.2.0
redhat libvirt 0.2.1
redhat libvirt 0.2.2
redhat libvirt 0.2.3
redhat libvirt 0.3.0
redhat libvirt 0.3.1
redhat libvirt 0.3.2
redhat libvirt 0.3.3
redhat libvirt 0.4.0
redhat libvirt 0.4.1
redhat libvirt 0.4.2
redhat libvirt 0.4.3
redhat libvirt 0.4.4
redhat libvirt 0.4.5
redhat libvirt 0.4.6
redhat libvirt 0.5.0
redhat libvirt 0.5.1
redhat libvirt 0.6.0
redhat libvirt 0.6.1
redhat libvirt 0.6.2
redhat libvirt 0.6.3
redhat libvirt 0.6.4
redhat libvirt 0.6.5
redhat libvirt 0.7.0
redhat libvirt 0.7.1
redhat libvirt 0.7.2
redhat libvirt 0.7.3
redhat libvirt 0.7.4
redhat libvirt 0.7.5
redhat libvirt 0.7.6
redhat libvirt 0.7.7
redhat libvirt 0.8.0
redhat libvirt 0.8.1
redhat libvirt 0.8.2
redhat libvirt 0.8.3
redhat libvirt 0.8.4
redhat libvirt 0.8.5
redhat libvirt 0.8.6
redhat libvirt 0.8.7
redhat libvirt 0.8.8
redhat libvirt 0.9.0
redhat libvirt 0.9.1
redhat libvirt 0.9.2
redhat libvirt 0.9.3
redhat libvirt 0.9.4
redhat libvirt 0.9.5
redhat libvirt 0.9.6
redhat libvirt 0.9.6.1
redhat libvirt 0.9.6.2
redhat libvirt 0.9.6.3
redhat libvirt 0.9.7
redhat libvirt 0.9.8
redhat libvirt 0.9.9
redhat libvirt 0.9.10
redhat libvirt 0.9.11
redhat libvirt 0.9.11.1
redhat libvirt 0.9.11.2
redhat libvirt 0.9.11.3
redhat libvirt 0.9.11.4
redhat libvirt 0.9.11.5
redhat libvirt 0.9.11.6
redhat libvirt 0.9.11.7
redhat libvirt 0.9.11.8
redhat libvirt 0.9.12
redhat libvirt 0.9.13
redhat libvirt 0.10.0
redhat libvirt 0.10.1
redhat libvirt 0.10.2
redhat libvirt 0.10.2.1
redhat libvirt 0.10.2.2
redhat libvirt 0.10.2.3
redhat libvirt 0.10.2.4
redhat libvirt 0.10.2.5
redhat libvirt 0.10.2.6
redhat libvirt 0.10.2.7
redhat libvirt 0.10.2.8
redhat libvirt 1.0.0
redhat libvirt 1.0.1
redhat libvirt 1.0.2
redhat libvirt 1.0.3
redhat libvirt 1.0.4
redhat libvirt 1.0.5
redhat libvirt 1.0.5.1
redhat libvirt 1.0.5.2
redhat libvirt 1.0.5.3
redhat libvirt 1.0.5.4
redhat libvirt 1.0.5.5
redhat libvirt 1.0.5.6
redhat libvirt 1.0.6
redhat libvirt 1.1.0
redhat libvirt 1.1.1
redhat libvirt 1.1.2
redhat libvirt 1.1.3
redhat libvirt 1.1.4



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DE91A69-56FF-49BC-B606-D12126200357",
              "versionEndIncluding": "1.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AFF5EF5-280A-499B-BD63-361EDC49A923",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2A0DD5B-AFDD-4DA4-B19C-2CA73FA9B477",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE616C79-74E0-4876-83D7-BE04CB954F92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "87FF4782-A017-4D6F-9588-BE0AD4AA04E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B7FDA56-4C79-4D79-9EDA-8A936C7D8DE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF62226E-E4FE-4AF5-86A2-344148158A22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C540F8A3-E12A-403B-81D2-CDB28DE03E47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0900588-EBF9-4459-B1D7-588B72E40689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE650A9D-D12D-43C5-B276-B3116CF096F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "359F1970-822B-4430-86EB-15091B2B4338",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D08DB661-40DF-4234-9F6B-2EE0746FAC8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E86D1293-6881-4F9D-B245-E16040921DF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "C49F1101-0845-478F-BEA1-67185A763D37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F1FDF3E-87F8-4CBF-99F8-DBB03C7D2318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA319732-E860-459E-9C20-ED31D90510DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "06B16020-5330-4F99-8DD3-8B4037E22CFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BCA6D83-281F-4B28-9CB2-253614017B5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEBBD0C7-F9D3-48D4-8D76-1FAFFB049300",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C97CB42C-C89F-4BE6-80AC-A020EBF369FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCC2F2D6-90E3-4306-A29A-0A507BDF889C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB533B81-AFF3-442E-A499-555F2181F64D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "53AD34A3-9097-4375-BB30-CAED13987396",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E37E3B-18A8-4D34-9400-2C18D0DBAAAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "36EAE07C-284D-4BEB-ABDF-28C157B3B90B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E28C5275-39D4-4C7C-A064-70161FE35802",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "643D7C4C-6BD9-49CE-A7FD-819300CA955C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "77476F3F-A914-4EC6-9488-189BD9E1AE6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B22C7B3D-169D-45CC-B1C1-9864991B3E05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D6D1F10-2908-42E0-8D8F-1FBBC804505D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC9ABBF2-B1AD-446A-A3D2-E103D1B411A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "450BD95B-5CE1-49E7-B6DB-6C14D9115CC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "508578FC-BDC7-4B44-9F98-BD6CD657F57B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD25F37B-C666-4EDB-AD77-CCE04A800348",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8903EA9-D354-4C9E-B308-653689534AFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F811BE37-6F53-4663-819F-E954787C345B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2886A659-24BD-483B-8FCD-5BC21573EE42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "65FD148D-0088-47D5-AAC1-E0E990F9D170",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "84613074-CFA0-4C0B-B896-0751F652EA71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BCCF73F-8542-4955-ACD6-44F199D49CB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "05C7EF0F-C069-424A-9B3F-D07C72450ADA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F25DF6A-34D5-4D5B-AFAF-7A21202460EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B67C29ED-2975-47F0-AE75-875A380ECC56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC90B806-1FB3-434E-A664-2842AD3BA9CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DCDC5B5-1DD4-4FF4-8AB4-D38F5418B873",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0054B43A-F844-47C8-B03A-01696117B7E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5C78A50-0F41-405C-9ABA-EE088D0ABE60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8322F4E2-0AD0-497B-871E-233C0E0F1490",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E41CEF32-4998-41D5-B971-12E7F4E39FB9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E43FD74C-5986-4E9E-9C4F-9891133084A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D504B27-7BD0-4CB1-B8CA-76B7C537A4C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBFD9B43-52BA-4FF9-84A1-369B1A96A166",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "10EE76EF-44D3-4645-B1E7-5BCFB4CB4204",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "934215BC-33D1-453F-B49B-23B52E580214",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F274792B-F190-4A23-A551-6B07EA4028B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9D67FBC-4009-4FC1-B0CF-AA3C1505C2F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2059834-5A26-4DB9-B400-DBBE15690AAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2F6277D-6732-44BA-91B4-D57877E011BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2553A171-A830-4540-8CC6-51275F72AAEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "61C2C484-7AAB-475C-A44E-6D9DCF597DD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "04A75CCF-28E1-44CC-962C-C56A4F64B370",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0E8A1AF-740A-454C-8019-B52654589603",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F040825C-C457-40A1-A04C-F362289E13F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E04748DC-4F9F-4BC2-A3D7-EAC3B73C5A8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5F45083-97C6-466F-9D67-057DDD08CFD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F906DC41-4724-4F81-9402-4EA3BC3F38A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "3327FB7D-92DB-479F-BF1C-2565C8F1B25C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "48F55C0A-3E6E-4E24-81D7-F023728E486A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACB7C00E-DF4E-40AF-A503-202A2FE03D5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AB4E8A8-2B6C-4287-937B-C67A97EAB67A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "53C3F149-D917-4BB6-B264-F316DD96D2B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "10857CB9-D8B1-4EB4-8D93-E0DCC05F0C35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "153AE3B9-F951-4AE5-9456-934E15445054",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.11.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEE87D15-DA60-4F89-BCFD-9CAB68111D70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.11.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BD8C1F3-5920-4684-BD05-6FA88EDAB64F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.11.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "60C81865-E1DB-40DA-9BB7-CE32C9EC4561",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.11.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1DC7BA8-ED6D-42C2-87EC-42F85CD276C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.11.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AD99520-DF9D-4012-ADDB-14468FDEFB6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.11.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "780A2EC8-5D4B-40B0-9A5A-EDC020554D47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "78C18997-7086-4BB0-8490-EDB5394951F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "37F280ED-37E3-4AB5-9BF1-AC935D904503",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AC1F6BC-AB75-45F7-B846-D8900A0C690A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "97F5B122-AE6D-479F-BC46-66E3F729A7D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C433B92-DE77-4B44-BE9D-98449FC7BF1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "28132532-C0C7-4EAE-ADAE-3ADA58AE2EC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DA73633-136A-422F-AF77-2C29224C6981",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6310759E-ADFB-4DF4-8D10-4DDC42D29AE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E2B1536-6671-4508-BC7D-6F11408B3CF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA7D7BAB-A2EC-4DD9-A7B8-D5806CD5F306",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "94E85C10-0192-46B4-828D-52BAE6A6F69C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "52AF89AC-A906-479F-85AA-E9D47A83778F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "D60D834F-926B-416B-AB66-FCD7981DDCF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E13A6AAE-BC1B-4CE1-B747-84F9C6B3FF73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DDA1805-ED8A-44AA-96FF-E676D278CCFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBD82EEA-279F-42CA-8F4C-A4D57EEBAB0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "320C2182-DBCF-4564-940A-D12673C73543",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB635DBE-29F1-4055-A064-42539FC811C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "67B77F63-C9AC-42D4-B9E2-4BBE196AC254",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3256288E-5A49-4DCD-AE30-6B4E21AEF970",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "25E764AE-3B7C-4378-97C5-10E835511684",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "49FEFFA5-371E-4B1D-AAAE-C71AEB79A4AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F982F65C-CBF9-4EE6-8FD6-C965141E42C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4BF8152-79A4-48C6-88EB-9D3FA7466844",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9E4DCDE-4D85-4339-99CB-70A464FA2EE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E03AF346-6F4E-4BEA-B29E-9C9C04148843",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "54FAE380-0E7E-4468-A07B-5A9A3504F681",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB4B1021-4D01-4D86-AED4-0418F8839FD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "380686BB-7212-4285-BA00-B8EEAC6E1CC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A331072-326A-4E72-84E2-E0424E6DDE30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB1666DD-AC49-477A-921C-8197F5EFECA6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The libxlDomainGetNumaParameters function in the libxl driver (libxl/libxl_driver.c) in libvirt before 1.2.1 does not properly initialize the nodemap, which allows local users to cause a denial of service (invalid free operation and crash) or possibly execute arbitrary code via an inactive domain to the virsh numatune command."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n libxlDomainGetNumaParameters en el driver libxl (libxl/libxl_driver.c) de libvirt anteriores a 1.2.1 no inicializa correctamente el nodemap, lo cual permite a usuarios locales causar denegaci\u00f3n de servicio (operaci\u00f3n de liberaci\u00f3n inv\u00e1lida y ca\u00edda) o posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de un dominio inactivo en el comando virsh numatune."
    }
  ],
  "id": "CVE-2013-6457",
  "lastModified": "2024-11-21T01:59:16.190",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.2,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 5.1,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-01-24T18:55:04.743",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://libvirt.org/news.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00060.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/60895"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-2093-1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1048629"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.redhat.com/archives/libvir-list/2013-December/msg01176.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.redhat.com/archives/libvir-list/2013-December/msg01258.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://libvirt.org/news.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00060.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/60895"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2093-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1048629"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/libvir-list/2013-December/msg01176.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/libvir-list/2013-December/msg01258.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-11-02 18:55
Modified
2024-11-21 01:55
Severity
HIGH (CVSS v2 base score 8.5, vector AV:N/AC:M/Au:S/C:C/I:C/A:C, as given in the NVD record below)
Summary
The virConnectDomainXMLToNative API function in libvirt 1.1.0 through 1.1.3 checks for the connect:read permission instead of the connect:write permission, which allows attackers to gain domain:write privileges and execute QEMU binaries via crafted XML. NOTE: some of these details are obtained from third-party information.
Impacted products
Vendor Product Version
redhat libvirt 1.1.0
redhat libvirt 1.1.1
redhat libvirt 1.1.2
redhat libvirt 1.1.3



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "54FAE380-0E7E-4468-A07B-5A9A3504F681",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB4B1021-4D01-4D86-AED4-0418F8839FD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "380686BB-7212-4285-BA00-B8EEAC6E1CC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A331072-326A-4E72-84E2-E0424E6DDE30",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The virConnectDomainXMLToNative API function in libvirt 1.1.0 through 1.1.3 checks for the connect:read permission instead of the connect:write permission, which allows attackers to gain domain:write privileges and execute Qemu binaries via crafted XML.  NOTE: some of these details are obtained from third party information."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n de la API virConnectDomainXMLToNative en libvirt versiones 1.1.0 hasta 1.1.3, comprueba el permiso connect:read en lugar del permiso connect:write, que permite a los atacantes conseguir privilegios domain:write y ejecutar archivos binarios de Qemu por medio de un XML dise\u00f1ado. NOTA: algunos de estos detalles se obtienen a partir de informaci\u00f3n de terceros."
    }
  ],
  "id": "CVE-2013-4401",
  "lastModified": "2024-11-21T01:55:29.743",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 8.5,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-11-02T18:55:03.157",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=57687fd6bf7f6e1b3662c52f3f26c06ab19dc96c"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/55210"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/60895"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://wiki.libvirt.org/page/Maintenance_Releases"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id/1029241"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-2026-1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1015259"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=57687fd6bf7f6e1b3662c52f3f26c06ab19dc96c"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/55210"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/60895"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://wiki.libvirt.org/page/Maintenance_Releases"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1029241"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2026-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1015259"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-03-19 02:15
Modified
2024-11-21 04:38
Summary
qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a monitor job during a query to a guest agent, which allows attackers to cause a denial of service (API blockage).
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "322F405E-41C5-4548-BB8E-FE8542A7E992",
              "versionEndExcluding": "6.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
              "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a monitor job during a query to a guest agent, which allows attackers to cause a denial of service (API blockage)."
    },
    {
      "lang": "es",
      "value": "El archivo qemu/qemu_driver.c en libvirt versiones anteriores a 6.0.0, maneja inapropiadamente la conservaci\u00f3n de un trabajo de monitoreo durante una consulta a un agente invitado, lo que permite a atacantes causar una denegaci\u00f3n de servicio (bloqueo de la API)."
    }
  ],
  "id": "CVE-2019-20485",
  "lastModified": "2024-11-21T04:38:35.570",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 2.7,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:A/AC:L/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 5.1,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 5.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.1,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-03-19T02:15:10.880",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953078"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1809740"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=a663a860819287e041c3de672aad1d8543098ecc"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D5GE6ISYUL3CIWO3FQRUGMKTKP2NYED2/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security-tracker.debian.org/tracker/CVE-2019-20485"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1730509.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953078"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1809740"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=a663a860819287e041c3de672aad1d8543098ecc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D5GE6ISYUL3CIWO3FQRUGMKTKP2NYED2/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security-tracker.debian.org/tracker/CVE-2019-20485"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1730509.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-08-23 20:15
Modified
2024-11-21 06:23
Summary
A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a monitor lock. This flaw could be triggered by the virConnectGetAllDomainStats API when the guest is shutting down. An unprivileged client with a read-only connection could use this flaw to perform a denial of service attack by causing the libvirt daemon to crash.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "248F6876-51F6-4A2B-999C-FDEE82D40689",
              "versionEndExcluding": "7.1.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:21.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAE4D2D0-CEEB-416F-8BC5-A7987DF56190",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C3741B8-851F-475D-B428-523F4F722350",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "87C21FE1-EA5C-498F-9C6C-D05F91A88217",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EF5C4AC-CA69-41E3-AD93-7AC21931374A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "47811209-5CE5-4375-8391-B0A7F6A0E420",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "729C515E-1DD3-466D-A50B-AFE058FFC94A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "871A5C26-DB7B-4870-A5B2-5DD24C90B4A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1272DF03-7674-4BD4-8E64-94004B195448",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:codeready_linux_builder:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CD81C46-328B-412D-AF4E-68A2AD2F1A73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C3741B8-851F-475D-B428-523F4F722350",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "87C21FE1-EA5C-498F-9C6C-D05F91A88217",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EF5C4AC-CA69-41E3-AD93-7AC21931374A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "47811209-5CE5-4375-8391-B0A7F6A0E420",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "729C515E-1DD3-466D-A50B-AFE058FFC94A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7CF3019-975D-40BB-A8A4-894E62BD3797",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a monitor lock. This flaw could be triggered by the virConnectGetAllDomainStats API when the guest is shutting down. An unprivileged client with a read-only connection could use this flaw to perform a denial of service attack by causing the libvirt daemon to crash."
    },
    {
      "lang": "es",
      "value": "Se ha encontrado un fallo de uso de memoria previamente liberada en libvirt. La funci\u00f3n qemuMonitorUnregister() en qemuProcessHandleMonitorEOF es llamada usando m\u00faltiples hilos sin estar adecuadamente protegida por un bloqueo de monitor. Este fallo podr\u00eda ser activado por la API virConnectGetAllDomainStats cuando el hu\u00e9sped est\u00e1 siendo apagado. Un cliente no privilegiado con una conexi\u00f3n de s\u00f3lo lectura podr\u00eda usar este fallo para llevar a cabo un ataque de denegaci\u00f3n de servicio causando el bloqueo del demonio libvirt."
    }
  ],
  "id": "CVE-2021-3975",
  "lastModified": "2024-11-21T06:23:17.217",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-08-23T20:15:08.427",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/security/cve/CVE-2021-3975"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2024326"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/libvirt/libvirt/commit/1ac703a7d0789e46833f4013a3876c2e3af18ec7"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20221201-0002/"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://ubuntu.com/security/CVE-2021-3975"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/security/cve/CVE-2021-3975"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2024326"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/libvirt/libvirt/commit/1ac703a7d0789e46833f4013a3876c2e3af18ec7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20221201-0002/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://ubuntu.com/security/CVE-2021-3975"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-416"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-416"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-02-23 17:29
Modified
2024-11-21 04:11
Summary
util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute arbitrary commands via a crafted NSS module.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FED07429-2F89-4903-99EF-C153CD0FC59E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BBD7A51-0590-4DDF-8249-5AFA8D645CB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute arbitrary commands via a crafted NSS module."
    },
    {
      "lang": "es",
      "value": "util/virlog.c en libvirt no determina correctamente el nombre de host en el arranque del contenedor LXC, lo que permite que usuarios locales invitados del sistema operativo omitan un mecanismo de protecci\u00f3n de contenedor planeado y ejecuten comandos arbitrarios mediante un m\u00f3dulo NSS manipulado."
    }
  ],
  "id": "CVE-2018-6764",
  "lastModified": "2024-11-21T04:11:08.413",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-02-23T17:29:00.473",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-3576-1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:3113"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4137"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.redhat.com/archives/libvir-list/2018-February/msg00239.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-3576-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:3113"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4137"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.redhat.com/archives/libvir-list/2018-February/msg00239.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-346"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-01-24 18:55
Modified
2024-11-21 01:59
Severity ?
Summary
Multiple race conditions in the (1) virDomainBlockStats, (2) virDomainGetBlockInfo, (3) qemuDomainBlockJobImpl, and (4) virDomainGetBlockIoTune functions in libvirt before 1.2.1 do not properly verify that the disk is attached, which allows remote read-only attackers to cause a denial of service (libvirtd crash) via the virDomainDetachDeviceFlags command.
References
secalert@redhat.com | http://libvirt.org/news.html
secalert@redhat.com | http://lists.opensuse.org/opensuse-updates/2014-02/msg00060.html
secalert@redhat.com | http://lists.opensuse.org/opensuse-updates/2014-02/msg00062.html
secalert@redhat.com | http://rhn.redhat.com/errata/RHSA-2014-0103.html
secalert@redhat.com | http://secunia.com/advisories/56186 | Vendor Advisory
secalert@redhat.com | http://secunia.com/advisories/56446 | Vendor Advisory
secalert@redhat.com | http://secunia.com/advisories/60895
secalert@redhat.com | http://security.gentoo.org/glsa/glsa-201412-04.xml
secalert@redhat.com | http://www.debian.org/security/2014/dsa-2846
secalert@redhat.com | http://www.ubuntu.com/usn/USN-2093-1
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1043069 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://libvirt.org/news.html
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2014-02/msg00060.html
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2014-02/msg00062.html
af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2014-0103.html
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/56186 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/56446 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/60895
af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-201412-04.xml
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2014/dsa-2846
af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-2093-1
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1043069 | Vendor Advisory
Impacted products
Vendor Product Version
redhat libvirt *
redhat libvirt 0.0.1
redhat libvirt 0.0.2
redhat libvirt 0.0.3
redhat libvirt 0.0.4
redhat libvirt 0.0.5
redhat libvirt 0.0.6
redhat libvirt 0.1.0
redhat libvirt 0.1.1
redhat libvirt 0.1.3
redhat libvirt 0.1.4
redhat libvirt 0.1.5
redhat libvirt 0.1.6
redhat libvirt 0.1.7
redhat libvirt 0.1.8
redhat libvirt 0.1.9
redhat libvirt 0.2.0
redhat libvirt 0.2.1
redhat libvirt 0.2.2
redhat libvirt 0.2.3
redhat libvirt 0.3.0
redhat libvirt 0.3.1
redhat libvirt 0.3.2
redhat libvirt 0.3.3
redhat libvirt 0.4.0
redhat libvirt 0.4.1
redhat libvirt 0.4.2
redhat libvirt 0.4.3
redhat libvirt 0.4.4
redhat libvirt 0.4.5
redhat libvirt 0.4.6
redhat libvirt 0.5.0
redhat libvirt 0.5.1
redhat libvirt 0.6.0
redhat libvirt 0.6.1
redhat libvirt 0.6.2
redhat libvirt 0.6.3
redhat libvirt 0.6.4
redhat libvirt 0.6.5
redhat libvirt 0.7.0
redhat libvirt 0.7.1
redhat libvirt 0.7.2
redhat libvirt 0.7.3
redhat libvirt 0.7.4
redhat libvirt 0.7.5
redhat libvirt 0.7.6
redhat libvirt 0.7.7
redhat libvirt 0.8.0
redhat libvirt 0.8.1
redhat libvirt 0.8.2
redhat libvirt 0.8.3
redhat libvirt 0.8.4
redhat libvirt 0.8.5
redhat libvirt 0.8.6
redhat libvirt 0.8.7
redhat libvirt 0.8.8
redhat libvirt 0.9.0
redhat libvirt 0.9.1
redhat libvirt 0.9.2
redhat libvirt 0.9.3
redhat libvirt 0.9.4
redhat libvirt 0.9.5
redhat libvirt 0.9.6
redhat libvirt 0.9.6.1
redhat libvirt 0.9.6.2
redhat libvirt 0.9.6.3
redhat libvirt 0.9.7
redhat libvirt 0.9.8
redhat libvirt 0.9.9
redhat libvirt 0.9.10
redhat libvirt 0.9.11
redhat libvirt 0.9.11.1
redhat libvirt 0.9.11.2
redhat libvirt 0.9.11.3
redhat libvirt 0.9.11.4
redhat libvirt 0.9.11.5
redhat libvirt 0.9.11.6
redhat libvirt 0.9.11.7
redhat libvirt 0.9.11.8
redhat libvirt 0.9.12
redhat libvirt 0.9.13
redhat libvirt 0.10.0
redhat libvirt 0.10.1
redhat libvirt 0.10.2
redhat libvirt 0.10.2.1
redhat libvirt 0.10.2.2
redhat libvirt 0.10.2.3
redhat libvirt 0.10.2.4
redhat libvirt 0.10.2.5
redhat libvirt 0.10.2.6
redhat libvirt 0.10.2.7
redhat libvirt 0.10.2.8
redhat libvirt 1.0.0
redhat libvirt 1.0.1
redhat libvirt 1.0.2
redhat libvirt 1.0.3
redhat libvirt 1.0.4
redhat libvirt 1.0.5
redhat libvirt 1.0.5.1
redhat libvirt 1.0.5.2
redhat libvirt 1.0.5.3
redhat libvirt 1.0.5.4
redhat libvirt 1.0.5.5
redhat libvirt 1.0.5.6
redhat libvirt 1.0.6
redhat libvirt 1.1.0
redhat libvirt 1.1.1
redhat libvirt 1.1.2
redhat libvirt 1.1.3
redhat libvirt 1.1.4



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DE91A69-56FF-49BC-B606-D12126200357",
              "versionEndIncluding": "1.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AFF5EF5-280A-499B-BD63-361EDC49A923",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2A0DD5B-AFDD-4DA4-B19C-2CA73FA9B477",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE616C79-74E0-4876-83D7-BE04CB954F92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "87FF4782-A017-4D6F-9588-BE0AD4AA04E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B7FDA56-4C79-4D79-9EDA-8A936C7D8DE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF62226E-E4FE-4AF5-86A2-344148158A22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C540F8A3-E12A-403B-81D2-CDB28DE03E47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0900588-EBF9-4459-B1D7-588B72E40689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE650A9D-D12D-43C5-B276-B3116CF096F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "359F1970-822B-4430-86EB-15091B2B4338",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D08DB661-40DF-4234-9F6B-2EE0746FAC8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E86D1293-6881-4F9D-B245-E16040921DF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "C49F1101-0845-478F-BEA1-67185A763D37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F1FDF3E-87F8-4CBF-99F8-DBB03C7D2318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA319732-E860-459E-9C20-ED31D90510DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "06B16020-5330-4F99-8DD3-8B4037E22CFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BCA6D83-281F-4B28-9CB2-253614017B5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEBBD0C7-F9D3-48D4-8D76-1FAFFB049300",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C97CB42C-C89F-4BE6-80AC-A020EBF369FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCC2F2D6-90E3-4306-A29A-0A507BDF889C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB533B81-AFF3-442E-A499-555F2181F64D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "53AD34A3-9097-4375-BB30-CAED13987396",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E37E3B-18A8-4D34-9400-2C18D0DBAAAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "36EAE07C-284D-4BEB-ABDF-28C157B3B90B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E28C5275-39D4-4C7C-A064-70161FE35802",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "643D7C4C-6BD9-49CE-A7FD-819300CA955C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "77476F3F-A914-4EC6-9488-189BD9E1AE6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B22C7B3D-169D-45CC-B1C1-9864991B3E05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D6D1F10-2908-42E0-8D8F-1FBBC804505D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC9ABBF2-B1AD-446A-A3D2-E103D1B411A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "450BD95B-5CE1-49E7-B6DB-6C14D9115CC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "508578FC-BDC7-4B44-9F98-BD6CD657F57B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD25F37B-C666-4EDB-AD77-CCE04A800348",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8903EA9-D354-4C9E-B308-653689534AFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F811BE37-6F53-4663-819F-E954787C345B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2886A659-24BD-483B-8FCD-5BC21573EE42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "65FD148D-0088-47D5-AAC1-E0E990F9D170",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "84613074-CFA0-4C0B-B896-0751F652EA71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BCCF73F-8542-4955-ACD6-44F199D49CB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "05C7EF0F-C069-424A-9B3F-D07C72450ADA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F25DF6A-34D5-4D5B-AFAF-7A21202460EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B67C29ED-2975-47F0-AE75-875A380ECC56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC90B806-1FB3-434E-A664-2842AD3BA9CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DCDC5B5-1DD4-4FF4-8AB4-D38F5418B873",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0054B43A-F844-47C8-B03A-01696117B7E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5C78A50-0F41-405C-9ABA-EE088D0ABE60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8322F4E2-0AD0-497B-871E-233C0E0F1490",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E41CEF32-4998-41D5-B971-12E7F4E39FB9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E43FD74C-5986-4E9E-9C4F-9891133084A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D504B27-7BD0-4CB1-B8CA-76B7C537A4C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBFD9B43-52BA-4FF9-84A1-369B1A96A166",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "10EE76EF-44D3-4645-B1E7-5BCFB4CB4204",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "934215BC-33D1-453F-B49B-23B52E580214",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F274792B-F190-4A23-A551-6B07EA4028B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.8.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9D67FBC-4009-4FC1-B0CF-AA3C1505C2F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2059834-5A26-4DB9-B400-DBBE15690AAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2F6277D-6732-44BA-91B4-D57877E011BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2553A171-A830-4540-8CC6-51275F72AAEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "61C2C484-7AAB-475C-A44E-6D9DCF597DD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "04A75CCF-28E1-44CC-962C-C56A4F64B370",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0E8A1AF-740A-454C-8019-B52654589603",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F040825C-C457-40A1-A04C-F362289E13F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E04748DC-4F9F-4BC2-A3D7-EAC3B73C5A8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5F45083-97C6-466F-9D67-057DDD08CFD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F906DC41-4724-4F81-9402-4EA3BC3F38A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "3327FB7D-92DB-479F-BF1C-2565C8F1B25C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "48F55C0A-3E6E-4E24-81D7-F023728E486A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACB7C00E-DF4E-40AF-A503-202A2FE03D5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AB4E8A8-2B6C-4287-937B-C67A97EAB67A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "53C3F149-D917-4BB6-B264-F316DD96D2B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "10857CB9-D8B1-4EB4-8D93-E0DCC05F0C35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "153AE3B9-F951-4AE5-9456-934E15445054",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.11.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEE87D15-DA60-4F89-BCFD-9CAB68111D70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.11.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BD8C1F3-5920-4684-BD05-6FA88EDAB64F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.11.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "60C81865-E1DB-40DA-9BB7-CE32C9EC4561",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.11.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1DC7BA8-ED6D-42C2-87EC-42F85CD276C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.11.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AD99520-DF9D-4012-ADDB-14468FDEFB6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.11.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "780A2EC8-5D4B-40B0-9A5A-EDC020554D47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "78C18997-7086-4BB0-8490-EDB5394951F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.9.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "37F280ED-37E3-4AB5-9BF1-AC935D904503",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AC1F6BC-AB75-45F7-B846-D8900A0C690A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "97F5B122-AE6D-479F-BC46-66E3F729A7D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C433B92-DE77-4B44-BE9D-98449FC7BF1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "28132532-C0C7-4EAE-ADAE-3ADA58AE2EC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DA73633-136A-422F-AF77-2C29224C6981",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6310759E-ADFB-4DF4-8D10-4DDC42D29AE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E2B1536-6671-4508-BC7D-6F11408B3CF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA7D7BAB-A2EC-4DD9-A7B8-D5806CD5F306",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "94E85C10-0192-46B4-828D-52BAE6A6F69C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "52AF89AC-A906-479F-85AA-E9D47A83778F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:0.10.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "D60D834F-926B-416B-AB66-FCD7981DDCF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E13A6AAE-BC1B-4CE1-B747-84F9C6B3FF73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DDA1805-ED8A-44AA-96FF-E676D278CCFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBD82EEA-279F-42CA-8F4C-A4D57EEBAB0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "320C2182-DBCF-4564-940A-D12673C73543",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB635DBE-29F1-4055-A064-42539FC811C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "67B77F63-C9AC-42D4-B9E2-4BBE196AC254",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3256288E-5A49-4DCD-AE30-6B4E21AEF970",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "25E764AE-3B7C-4378-97C5-10E835511684",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "49FEFFA5-371E-4B1D-AAAE-C71AEB79A4AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F982F65C-CBF9-4EE6-8FD6-C965141E42C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4BF8152-79A4-48C6-88EB-9D3FA7466844",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9E4DCDE-4D85-4339-99CB-70A464FA2EE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E03AF346-6F4E-4BEA-B29E-9C9C04148843",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "54FAE380-0E7E-4468-A07B-5A9A3504F681",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB4B1021-4D01-4D86-AED4-0418F8839FD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "380686BB-7212-4285-BA00-B8EEAC6E1CC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A331072-326A-4E72-84E2-E0424E6DDE30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB1666DD-AC49-477A-921C-8197F5EFECA6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple race conditions in the (1) virDomainBlockStats, (2) virDomainGetBlockInfo, (3) qemuDomainBlockJobImpl, and (4) virDomainGetBlockIoTune functions in libvirt before 1.2.1 do not properly verify that the disk is attached, which allows remote read-only attackers to cause a denial of service (libvirtd crash) via the virDomainDetachDeviceFlags command."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples condiciones de carrera en las funciones (1) virDomainBlockStats, (2) virDomainGetBlockInfo, (3) qemuDomainBlockJobImpl y (4) virDomainGetBlockIoTune en libvirt en versiones anteriores a 1.2.1 no verifican correctamente que el disco est\u00e9 conectado, lo cual permite a atacantes remotos con permisos de s\u00f3lo lectura causar denegaci\u00f3n de servicio (ca\u00edda de libvirtd) a trav\u00e9s del comando virDomainDetachDeviceFlags."
    }
  ],
  "id": "CVE-2013-6458",
  "lastModified": "2024-11-21T01:59:16.317",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.8,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:A/AC:H/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.2,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-01-24T18:55:04.823",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://libvirt.org/news.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00060.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00062.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0103.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/56186"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/56446"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/60895"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2014/dsa-2846"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-2093-1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1043069"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://libvirt.org/news.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00060.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00062.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0103.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/56186"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/56446"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/60895"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2014/dsa-2846"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2093-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1043069"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-362"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-01-24 18:55
Modified
2024-11-21 02:01
Severity ?
Summary
libvirt 1.1.1 through 1.2.0 allows context-dependent attackers to bypass the domain:getattr and connect:search_domains restrictions in ACLs and obtain sensitive domain object information via a request to the (1) virConnectDomainEventRegister and (2) virConnectDomainEventRegisterAny functions in the event registration API.
Impacted products
Vendor Product Version
redhat libvirt 1.1.1
redhat libvirt 1.1.2
redhat libvirt 1.1.3
redhat libvirt 1.1.4
redhat libvirt 1.2.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB4B1021-4D01-4D86-AED4-0418F8839FD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "380686BB-7212-4285-BA00-B8EEAC6E1CC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A331072-326A-4E72-84E2-E0424E6DDE30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB1666DD-AC49-477A-921C-8197F5EFECA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "527B9236-CA4E-42A8-8C7A-2FB92BE2B4B9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "libvirt 1.1.1 through 1.2.0 allows context-dependent attackers to bypass the domain:getattr and connect:search_domains restrictions in ACLs and obtain sensitive domain object information via a request to the (1) virConnectDomainEventRegister and (2) virConnectDomainEventRegisterAny functions in the event registration API."
    },
    {
      "lang": "es",
      "value": "libvirt 1.1.1 a 1.2.0 permite a atacantes dependientes del contexto sortear las restricciones domain:getattr y connect:search_domains en ACLs y obtener informaci\u00f3n sensible de objetos de dominio a trav\u00e9s de una petici\u00f3n a las funciones (1) virConnectDomainEventRegister y (2) virConnectDomainEventRegisterAny en la API de registro de eventos."
    }
  ],
  "id": "CVE-2014-0028",
  "lastModified": "2024-11-21T02:01:12.287",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:A/AC:M/Au:N/C:P/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 5.5,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-01-24T18:55:04.900",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://libvirt.org/news.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00060.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/60895"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-2093-1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1048637"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.redhat.com/archives/libvir-list/2014-January/msg00684.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://libvirt.org/news.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00060.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/60895"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2093-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1048637"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/libvir-list/2014-January/msg00684.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-05-25 15:59
Modified
2024-11-21 02:08
Summary
The qemu implementation in libvirt before 1.3.0 and Xen allows local guest OS users to cause a denial of service (host disk consumption) by writing to stdout or stderr.
Impacted products
Vendor Product Version
redhat libvirt *
xen xen *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A7A5FAD-60E5-4D53-86C5-36F05B21775B",
              "versionEndIncluding": "1.2.21",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2B9CCC2-BAC5-4A65-B8D4-4B71EBBA0C2F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The qemu implementation in libvirt before 1.3.0 and Xen allows local guest OS users to cause a denial of service (host disk consumption) by writing to stdout or stderr."
    },
    {
      "lang": "es",
      "value": "La implementaci\u00f3n de qemu en libvirt en versiones anteriores a 1.3.0 y Xen permite a usuarios locales del SO invitado provocar una denegaci\u00f3n de servicio (consumo de disco del anfitri\u00f3n) escribiendo en stdout o stderr."
    }
  ],
  "id": "CVE-2014-3672",
  "lastModified": "2024-11-21T02:08:37.390",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 2.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.0,
        "impactScore": 4.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-05-25T15:59:00.113",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/05/24/5"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1035945"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://xenbits.xen.org/xsa/advisory-180.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=0d968ad715475a1660779bcdd2c5b38ad63db4cf"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://libvirt.org/news-2015.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/05/24/5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1035945"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://xenbits.xen.org/xsa/advisory-180.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=0d968ad715475a1660779bcdd2c5b38ad63db4cf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://libvirt.org/news-2015.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}