CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile: 45.4%
libqb.so is vulnerable to a buffer overflow. The _blackbox_vlogger function in log_blackbox.c does not count the header as part of the buffer size, so an attacker can overflow the buffer and crash the application.
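A simplified model of the size-accounting mistake described above, as an added example rather than libqb's code: `ENTRY_MAX`, `struct entry_hdr`, `needed_flawed` and `write_entry` are hypothetical names with constructed values. It contrasts a length limit that ignores the header with one that charges the header against the same buffer.

```c
#include <stdarg.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ENTRY_MAX 64  /* constructed record-buffer size, not libqb's value */

/* Hypothetical header stored ahead of the message in the same buffer. */
struct entry_hdr { uint32_t line; uint8_t priority; };

/* Flawed accounting: the message alone may use ENTRY_MAX bytes, so a full
 * record needs header + message. Returns the bytes such a record needs. */
static size_t needed_flawed(const char *msg)
{
    size_t msg_len = strlen(msg) + 1;
    if (msg_len > ENTRY_MAX)
        msg_len = ENTRY_MAX;         /* limit ignores the header */
    return sizeof(struct entry_hdr) + msg_len;
}

/* Corrected accounting: the header is charged against the same buffer and
 * the message is truncated to the remainder. Returns bytes written. */
static size_t write_entry(char buf[ENTRY_MAX], const struct entry_hdr *hdr,
                          const char *fmt, ...)
{
    size_t room = ENTRY_MAX - sizeof(*hdr);
    va_list ap;
    int n;

    memcpy(buf, hdr, sizeof(*hdr));
    va_start(ap, fmt);
    n = vsnprintf(buf + sizeof(*hdr), room, fmt, ap); /* NUL-terminates */
    va_end(ap);
    if (n < 0)
        return 0;                    /* formatting error */
    if ((size_t)n >= room)
        n = (int)room - 1;           /* message was truncated */
    return sizeof(*hdr) + (size_t)n + 1;
}

int main(void)
{
    char buf[ENTRY_MAX], msg[200];
    struct entry_hdr h = { 42, 3 };
    memset(msg, 'A', sizeof(msg) - 1); msg[sizeof(msg) - 1] = '\0';
    printf("flawed needs %zu of %d, corrected writes %zu\n",
           needed_flawed(msg), ENTRY_MAX, write_entry(buf, &h, "%s", msg));
    return 0;
}
```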
github.com/advisories/GHSA-4fvg-53ww-3r5g
github.com/ClusterLabs/libqb/commit/1bbaa929b77113532785c408dd1b41cd0521ffc8
github.com/ClusterLabs/libqb/compare/v2.0.7...v2.0.8
github.com/ClusterLabs/libqb/pull/490
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KECNF7LFBPE57XSBT6EM7ACVMIBP63WH/