CVE-2014-3657

2014-10-0614:55:10

CWE-399

redhat

web.nvd.nist.gov

nvd

cve-2014-3657

information security

libvirt

denial of service

remote attackers

deadlock

api command

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

7.9

Confidence

High

EPSS

0.038

Percentile

91.9%

JSON

The virDomainListPopulate function in conf/domain_conf.c in libvirt before 1.2.9 does not clean up the lock on the list of domains, which allows remote attackers to cause a denial of service (deadlock) via a NULL value in the second parameter in the virConnectListAllDomains API command.

Affected configurations

Nvd

Node

libvirtlibvirtRange≤1.2.8

libvirtlibvirtMatch1.2.0

libvirtlibvirtMatch1.2.1

libvirtlibvirtMatch1.2.2

libvirtlibvirtMatch1.2.3

libvirtlibvirtMatch1.2.4

libvirtlibvirtMatch1.2.5

libvirtlibvirtMatch1.2.6

libvirtlibvirtMatch1.2.7

VendorProductVersionCPE
libvirtlibvirt1.2.1cpe:/a:libvirt:libvirt:1.2.1:::
libvirtlibvirt1.2.7cpe:/a:libvirt:libvirt:1.2.7:::
libvirtlibvirt1.2.3cpe:/a:libvirt:libvirt:1.2.3:::
libvirtlibvirt1.2.2cpe:/a:libvirt:libvirt:1.2.2:::
libvirtlibvirt1.2.4cpe:/a:libvirt:libvirt:1.2.4:::
libvirtlibvirtcpe:/a:libvirt:libvirt::::
libvirtlibvirt1.2.6cpe:/a:libvirt:libvirt:1.2.6:::
libvirtlibvirt1.2.0cpe:/a:libvirt:libvirt:1.2.0:::
libvirtlibvirt1.2.5cpe:/a:libvirt:libvirt:1.2.5:::

Vendor	Product	Version	CPE
libvirt	libvirt	1.2.1	cpe:/a:libvirt:libvirt:1.2.1:::
libvirt	libvirt	1.2.7	cpe:/a:libvirt:libvirt:1.2.7:::
libvirt	libvirt	1.2.3	cpe:/a:libvirt:libvirt:1.2.3:::
libvirt	libvirt	1.2.2	cpe:/a:libvirt:libvirt:1.2.2:::
libvirt	libvirt	1.2.4	cpe:/a:libvirt:libvirt:1.2.4:::
libvirt	libvirt		cpe:/a:libvirt:libvirt::::
libvirt	libvirt	1.2.6	cpe:/a:libvirt:libvirt:1.2.6:::
libvirt	libvirt	1.2.0	cpe:/a:libvirt:libvirt:1.2.0:::
libvirt	libvirt	1.2.5	cpe:/a:libvirt:libvirt:1.2.5:::