Lucene search

K

RedhatCVELIST:CVE-2019-3840

HistoryMar 27, 2019 - 12:24 p.m.

CVE-2019-3840

2019-03-2712:24:10

CWE-476

redhat

www.cve.org

2

5.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:H

5.7 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

62.2%

A NULL pointer dereference flaw was discovered in libvirt before version 5.0.0 in the way it gets interface information through the QEMU agent. An attacker in a guest VM can use this flaw to crash libvirtd and cause a denial of service.

CNA Affected

[
  {
    "product": "libvirt",
    "vendor": "The libvirt Project",
    "versions": [
      {
        "status": "affected",
        "version": "5.0.0"
      }
    ]
  }
]

References

lists.opensuse.org/opensuse-security-announce/2019-04/msg00101.html

lists.opensuse.org/opensuse-security-announce/2019-04/msg00105.html

access.redhat.com/errata/RHSA-2019:2294

bugzilla.redhat.com/show_bug.cgi?id=1663051

bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3840

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TZRP2BRMI4RYFRPNFTTIAAUOGVN2ORP7/

www.redhat.com/archives/libvir-list/2019-January/msg00241.html

5.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:H

5.7 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

62.2%

Related for CVELIST:CVE-2019-3840

openvas17 fedora3 centos1 nessus19 ubuntucve1 altlinux1 prion1 ubuntu1 redhat1 suse2 mageia1 nvd1 veracode1 amazon1 cve1 redhatcve1 debiancve1 photon6 oraclelinux1 osv1