cve-2018-5244

Vulnerability from cvelistv5

Published

2018-01-05 18:00

Modified

2024-08-05 05:33

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://www.securityfocus.com/bid/102433	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.securitytracker.com/id/1040774
cve@mitre.org	https://security.gentoo.org/glsa/201810-06
cve@mitre.org	https://xenbits.xen.org/xsa/advisory-253.html	Issue Tracking, Mitigation, Vendor Advisory

Impacted products

▼	Vendor	Product
	n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T05:33:43.746Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "GLSA-201810-06",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201810-06"
          },
          {
            "name": "102433",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102433"
          },
          {
            "name": "1040774",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040774"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://xenbits.xen.org/xsa/advisory-253.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-01-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In Xen 4.10, new infrastructure was introduced as part of an overhaul to how MSR emulation happens for guests. Unfortunately, one tracking structure isn\u0027t freed when a vcpu is destroyed. This allows guest OS administrators to cause a denial of service (host OS memory consumption) by rebooting many times."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-31T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "GLSA-201810-06",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201810-06"
        },
        {
          "name": "102433",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102433"
        },
        {
          "name": "1040774",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040774"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://xenbits.xen.org/xsa/advisory-253.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-5244",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Xen 4.10, new infrastructure was introduced as part of an overhaul to how MSR emulation happens for guests. Unfortunately, one tracking structure isn\u0027t freed when a vcpu is destroyed. This allows guest OS administrators to cause a denial of service (host OS memory consumption) by rebooting many times."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "GLSA-201810-06",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201810-06"
            },
            {
              "name": "102433",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102433"
            },
            {
              "name": "1040774",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040774"
            },
            {
              "name": "https://xenbits.xen.org/xsa/advisory-253.html",
              "refsource": "CONFIRM",
              "url": "https://xenbits.xen.org/xsa/advisory-253.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-5244",
    "datePublished": "2018-01-05T18:00:00",
    "dateReserved": "2018-01-05T00:00:00",
    "dateUpdated": "2024-08-05T05:33:43.746Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-5244\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2018-01-05T18:29:00.247\",\"lastModified\":\"2018-10-31T10:32:20.263\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"In Xen 4.10, new infrastructure was introduced as part of an overhaul to how MSR emulation happens for guests. Unfortunately, one tracking structure isn\u0027t freed when a vcpu is destroyed. This allows guest OS administrators to cause a denial of service (host OS memory consumption) by rebooting many times.\"},{\"lang\":\"es\",\"value\":\"En Xen 4.10, se introdujo una nueva infraestructura como parte de una revisi\u00f3n de c\u00f3mo ocurre la emulaci\u00f3n MSR para los invitados. Desafortunadamente, no se libera una estructura de rastreo cuando se destruye una vcpu. Esto permite que administradores invitados del sistema operativo provoquen una denegaci\u00f3n de servicio (consumo de memoria del sistema operativo del host) reiniciando muchas veces.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.0,\"impactScore\":4.0}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:N/I:N/A:C\",\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\",\"baseScore\":4.9},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.9,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.10.0\",\"matchCriteriaId\":\"E0060574-66EE-413D-9C6B-197AF1164EC9\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/102433\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1040774\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.gentoo.org/glsa/201810-06\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://xenbits.xen.org/xsa/advisory-253.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Mitigation\",\"Vendor Advisory\"]}]}}"
  }
}

In Xen 4.10, new infrastructure was introduced as part of an overhaul to how MSR emulation happens for guests. Unfortunately, one tracking structure isn't freed when a vcpu is destroyed. This allows guest OS administrators to cause a denial of service (host OS memory consumption) by rebooting many times. Xen Contains a buffer error vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Xen is an open source virtual machine monitor. There is a security vulnerability in the Xen 4.10 release. An attacker can exploit this issue to cause a denial-of-service condition. Due to the nature of this issue, code execution may be possible but this has not been confirmed. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201810-06

                                       https://security.gentoo.org/

Severity: Normal Title: Xen: Multiple vulnerabilities Date: October 30, 2018 Bugs: #643350, #655188, #655544, #659442 ID: 201810-06

Synopsis

Multiple vulnerabilities have been found in Xen, the worst of which could cause a Denial of Service condition.

Background

Xen is a bare-metal hypervisor.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 app-emulation/xen < 4.10.1-r2 >= 4.10.1-r2 2 app-emulation/xen-tools < 4.10.1-r2 >= 4.10.1-r2 ------------------------------------------------------------------- 2 affected packages

Description

Multiple vulnerabilities have been discovered in Xen. Please review the referenced CVE identifiers for details.

Workaround

There is no known workaround at this time.

Resolution

All Xen users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=app-emulation/xen-4.10.1-r2"

All Xen tools users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot -v ">=app-emulation/xen-tools-4.10.1-r2"

References

[ 1 ] CVE-2017-5715 https://nvd.nist.gov/vuln/detail/CVE-2017-5715 [ 2 ] CVE-2017-5753 https://nvd.nist.gov/vuln/detail/CVE-2017-5753 [ 3 ] CVE-2017-5754 https://nvd.nist.gov/vuln/detail/CVE-2017-5754 [ 4 ] CVE-2018-10471 https://nvd.nist.gov/vuln/detail/CVE-2018-10471 [ 5 ] CVE-2018-10472 https://nvd.nist.gov/vuln/detail/CVE-2018-10472 [ 6 ] CVE-2018-10981 https://nvd.nist.gov/vuln/detail/CVE-2018-10981 [ 7 ] CVE-2018-10982 https://nvd.nist.gov/vuln/detail/CVE-2018-10982 [ 8 ] CVE-2018-12891 https://nvd.nist.gov/vuln/detail/CVE-2018-12891 [ 9 ] CVE-2018-12892 https://nvd.nist.gov/vuln/detail/CVE-2018-12892 [ 10 ] CVE-2018-12893 https://nvd.nist.gov/vuln/detail/CVE-2018-12893 [ 11 ] CVE-2018-15468 https://nvd.nist.gov/vuln/detail/CVE-2018-15468 [ 12 ] CVE-2018-15469 https://nvd.nist.gov/vuln/detail/CVE-2018-15469 [ 13 ] CVE-2018-15470 https://nvd.nist.gov/vuln/detail/CVE-2018-15470 [ 14 ] CVE-2018-3620 https://nvd.nist.gov/vuln/detail/CVE-2018-3620 [ 15 ] CVE-2018-3646 https://nvd.nist.gov/vuln/detail/CVE-2018-3646 [ 16 ] CVE-2018-5244 https://nvd.nist.gov/vuln/detail/CVE-2018-5244 [ 17 ] CVE-2018-7540 https://nvd.nist.gov/vuln/detail/CVE-2018-7540 [ 18 ] CVE-2018-7541 https://nvd.nist.gov/vuln/detail/CVE-2018-7541 [ 19 ] CVE-2018-7542 https://nvd.nist.gov/vuln/detail/CVE-2018-7542

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201810-06

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201801-1434",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "xen",
        "scope": "eq",
        "trust": 1.7,
        "vendor": "xen",
        "version": "4.10"
      },
      {
        "model": "xen",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "xen",
        "version": "4.10.0"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-04061"
      },
      {
        "db": "BID",
        "id": "102433"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001273"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-5244"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionStartIncluding": "4.10.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-5244"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Andrew Cooper of Citrix.",
    "sources": [
      {
        "db": "BID",
        "id": "102433"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2018-5244",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 4.9,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 4.9,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2018-5244",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 4.9,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CNVD-2018-04061",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.0,
            "impactScore": 4.0,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 6.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2018-5244",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "Low",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2018-5244",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2018-04061",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201801-233",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-04061"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001273"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-5244"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-233"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "In Xen 4.10, new infrastructure was introduced as part of an overhaul to how MSR emulation happens for guests. Unfortunately, one tracking structure isn\u0027t freed when a vcpu is destroyed. This allows guest OS administrators to cause a denial of service (host OS memory consumption) by rebooting many times. Xen Contains a buffer error vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Xen is an open source virtual machine monitor. There is a security vulnerability in the Xen 4.10 release. \nAn attacker can exploit this issue to cause a  denial-of-service condition. Due to the nature of this issue, code  execution may be possible but this has not been confirmed. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201810-06\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: Xen: Multiple vulnerabilities\n     Date: October 30, 2018\n     Bugs: #643350, #655188, #655544, #659442\n       ID: 201810-06\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Xen, the worst of which\ncould cause a Denial of Service condition. \n\nBackground\n==========\n\nXen is a bare-metal hypervisor. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  app-emulation/xen          \u003c 4.10.1-r2              \u003e= 4.10.1-r2\n  2  app-emulation/xen-tools    \u003c 4.10.1-r2              \u003e= 4.10.1-r2\n    -------------------------------------------------------------------\n     2 affected packages\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Xen. Please review the\nreferenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Xen users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=app-emulation/xen-4.10.1-r2\"\n\nAll Xen tools users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot -v \"\u003e=app-emulation/xen-tools-4.10.1-r2\"\n\nReferences\n==========\n\n[  1 ] CVE-2017-5715\n       https://nvd.nist.gov/vuln/detail/CVE-2017-5715\n[  2 ] CVE-2017-5753\n       https://nvd.nist.gov/vuln/detail/CVE-2017-5753\n[  3 ] CVE-2017-5754\n       https://nvd.nist.gov/vuln/detail/CVE-2017-5754\n[  4 ] CVE-2018-10471\n       https://nvd.nist.gov/vuln/detail/CVE-2018-10471\n[  5 ] CVE-2018-10472\n       https://nvd.nist.gov/vuln/detail/CVE-2018-10472\n[  6 ] CVE-2018-10981\n       https://nvd.nist.gov/vuln/detail/CVE-2018-10981\n[  7 ] CVE-2018-10982\n       https://nvd.nist.gov/vuln/detail/CVE-2018-10982\n[  8 ] CVE-2018-12891\n       https://nvd.nist.gov/vuln/detail/CVE-2018-12891\n[  9 ] CVE-2018-12892\n       https://nvd.nist.gov/vuln/detail/CVE-2018-12892\n[ 10 ] CVE-2018-12893\n       https://nvd.nist.gov/vuln/detail/CVE-2018-12893\n[ 11 ] CVE-2018-15468\n       https://nvd.nist.gov/vuln/detail/CVE-2018-15468\n[ 12 ] CVE-2018-15469\n       https://nvd.nist.gov/vuln/detail/CVE-2018-15469\n[ 13 ] CVE-2018-15470\n       https://nvd.nist.gov/vuln/detail/CVE-2018-15470\n[ 14 ] CVE-2018-3620\n       https://nvd.nist.gov/vuln/detail/CVE-2018-3620\n[ 15 ] CVE-2018-3646\n       https://nvd.nist.gov/vuln/detail/CVE-2018-3646\n[ 16 ] CVE-2018-5244\n       https://nvd.nist.gov/vuln/detail/CVE-2018-5244\n[ 17 ] CVE-2018-7540\n       https://nvd.nist.gov/vuln/detail/CVE-2018-7540\n[ 18 ] CVE-2018-7541\n       https://nvd.nist.gov/vuln/detail/CVE-2018-7541\n[ 19 ] CVE-2018-7542\n       https://nvd.nist.gov/vuln/detail/CVE-2018-7542\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201810-06\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2018 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-5244"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001273"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-04061"
      },
      {
        "db": "BID",
        "id": "102433"
      },
      {
        "db": "PACKETSTORM",
        "id": "150083"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-5244",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "102433",
        "trust": 1.3
      },
      {
        "db": "SECTRACK",
        "id": "1040774",
        "trust": 1.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001273",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-04061",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-233",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "150083",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-04061"
      },
      {
        "db": "BID",
        "id": "102433"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001273"
      },
      {
        "db": "PACKETSTORM",
        "id": "150083"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-5244"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-233"
      }
    ]
  },
  "id": "VAR-201801-1434",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-04061"
      }
    ],
    "trust": 0.06
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-04061"
      }
    ]
  },
  "last_update_date": "2023-12-18T11:20:27.071000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "XSA-253",
        "trust": 0.8,
        "url": "https://xenbits.xen.org/xsa/advisory-253.html"
      },
      {
        "title": "Patch for Xen Denial of Service Vulnerability (CNVD-2018-04061)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/120001"
      },
      {
        "title": "Xen Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=77544"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-04061"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001273"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-233"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001273"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-5244"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://xenbits.xen.org/xsa/advisory-253.html"
      },
      {
        "trust": 1.1,
        "url": "https://security.gentoo.org/glsa/201810-06"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/102433"
      },
      {
        "trust": 1.0,
        "url": "http://www.securitytracker.com/id/1040774"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5244"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5244"
      },
      {
        "trust": 0.3,
        "url": "http://www.xen.org/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7542"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12892"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-10471"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12891"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-5753"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12893"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-10982"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-15469"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-10472"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-5754"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-3620"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-10981"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-5715"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-15468"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-3646"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-15470"
      },
      {
        "trust": 0.1,
        "url": "https://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7541"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7540"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-04061"
      },
      {
        "db": "BID",
        "id": "102433"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001273"
      },
      {
        "db": "PACKETSTORM",
        "id": "150083"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-5244"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-233"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-04061"
      },
      {
        "db": "BID",
        "id": "102433"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001273"
      },
      {
        "db": "PACKETSTORM",
        "id": "150083"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-5244"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-233"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-03-02T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-04061"
      },
      {
        "date": "2018-01-05T00:00:00",
        "db": "BID",
        "id": "102433"
      },
      {
        "date": "2018-02-05T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-001273"
      },
      {
        "date": "2018-10-31T01:14:40",
        "db": "PACKETSTORM",
        "id": "150083"
      },
      {
        "date": "2018-01-05T18:29:00.247000",
        "db": "NVD",
        "id": "CVE-2018-5244"
      },
      {
        "date": "2018-01-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201801-233"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-03-02T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-04061"
      },
      {
        "date": "2018-01-05T00:00:00",
        "db": "BID",
        "id": "102433"
      },
      {
        "date": "2018-02-05T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-001273"
      },
      {
        "date": "2018-10-31T10:32:20.263000",
        "db": "NVD",
        "id": "CVE-2018-5244"
      },
      {
        "date": "2018-01-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201801-233"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-233"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Xen Buffer error vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001273"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer overflow",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-233"
      }
    ],
    "trust": 0.6
  }
}

ghsa-3r9m-2j47-xq4r

Vulnerability from github

Published

2022-05-14 02:03

Modified

2022-05-14 02:03

Severity ?

6.5 (Medium) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-5244"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-01-05T18:29:00Z",
    "severity": "MODERATE"
  },
  "details": "In Xen 4.10, new infrastructure was introduced as part of an overhaul to how MSR emulation happens for guests. Unfortunately, one tracking structure isn\u0027t freed when a vcpu is destroyed. This allows guest OS administrators to cause a denial of service (host OS memory consumption) by rebooting many times.",
  "id": "GHSA-3r9m-2j47-xq4r",
  "modified": "2022-05-14T02:03:05Z",
  "published": "2022-05-14T02:03:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5244"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201810-06"
    },
    {
      "type": "WEB",
      "url": "https://xenbits.xen.org/xsa/advisory-253.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/102433"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1040774"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

gsd-2018-5244

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2018-5244

Aliases

CVE-2018-5244

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-5244",
    "description": "In Xen 4.10, new infrastructure was introduced as part of an overhaul to how MSR emulation happens for guests. Unfortunately, one tracking structure isn\u0027t freed when a vcpu is destroyed. This allows guest OS administrators to cause a denial of service (host OS memory consumption) by rebooting many times.",
    "id": "GSD-2018-5244",
    "references": [
      "https://www.suse.com/security/cve/CVE-2018-5244.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-5244"
      ],
      "details": "In Xen 4.10, new infrastructure was introduced as part of an overhaul to how MSR emulation happens for guests. Unfortunately, one tracking structure isn\u0027t freed when a vcpu is destroyed. This allows guest OS administrators to cause a denial of service (host OS memory consumption) by rebooting many times.",
      "id": "GSD-2018-5244",
      "modified": "2023-12-13T01:22:40.094051Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2018-5244",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "In Xen 4.10, new infrastructure was introduced as part of an overhaul to how MSR emulation happens for guests. Unfortunately, one tracking structure isn\u0027t freed when a vcpu is destroyed. This allows guest OS administrators to cause a denial of service (host OS memory consumption) by rebooting many times."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "GLSA-201810-06",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/201810-06"
          },
          {
            "name": "102433",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/102433"
          },
          {
            "name": "1040774",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1040774"
          },
          {
            "name": "https://xenbits.xen.org/xsa/advisory-253.html",
            "refsource": "CONFIRM",
            "url": "https://xenbits.xen.org/xsa/advisory-253.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionStartIncluding": "4.10.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-5244"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "In Xen 4.10, new infrastructure was introduced as part of an overhaul to how MSR emulation happens for guests. Unfortunately, one tracking structure isn\u0027t freed when a vcpu is destroyed. This allows guest OS administrators to cause a denial of service (host OS memory consumption) by rebooting many times."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://xenbits.xen.org/xsa/advisory-253.html",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking",
                "Mitigation",
                "Vendor Advisory"
              ],
              "url": "https://xenbits.xen.org/xsa/advisory-253.html"
            },
            {
              "name": "102433",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/102433"
            },
            {
              "name": "1040774",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1040774"
            },
            {
              "name": "GLSA-201810-06",
              "refsource": "GENTOO",
              "tags": [],
              "url": "https://security.gentoo.org/glsa/201810-06"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 4.9,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 2.0,
          "impactScore": 4.0
        }
      },
      "lastModifiedDate": "2018-10-31T10:32Z",
      "publishedDate": "2018-01-05T18:29Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2018-5244

Vulnerability from cvelistv5

var-201801-1434

Vulnerability from variot

Synopsis

Background

Affected packages

Description

Workaround

Resolution

References

Availability

Concerns?

License

ghsa-3r9m-2j47-xq4r

Vulnerability from github

gsd-2018-5244

Vulnerability from gsd

Tags

Sightings

Nomenclature