Lucene search

K

Veracode Vulnerability DatabaseVERACODE:46144

HistoryApr 02, 2024 - 7:17 a.m.

Denial Of Service (DoS)

2024-04-0207:17:04

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

13

denial of service

libvirt

vulnerability

memory allocation

negative array lengths

attacker

CVSS3

6.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.6

Confidence

High

EPSS

0.001

Percentile

17.8%

Libvirt is vulnerable to Denial of Service(DoS). The vulnerability is due to improper handling of negative array lengths during memory allocation. If an attacker can pass a negative length to the g_new0 function will usually result in a Denial of Service(DoS).

References

access.redhat.com/errata/RHSA-2024:2560

access.redhat.com/errata/RHSA-2024:3253

access.redhat.com/security/cve/CVE-2024-2494

bugzilla.redhat.com/show_bug.cgi?id=2270115

bugzilla.suse.com/show_bug.cgi?id=1221815

github.com/libvirt/libvirt/commit/8a3f8d957507c1f8223fdcf25a3ff885b15557f2

lists.debian.org/debian-lts-announce/2024/04/msg00000.html

lists.libvirt.org/archives/list/[email protected]/thread/BKRQXPLPC6B7FLHJXSBQYW7HNDEBW6RJ/

security.netapp.com/advisory/ntap-20240517-0009/

CVSS3

6.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.6

Confidence

High

EPSS

0.001

Percentile

17.8%

Related for VERACODE:46144

cvelist1 nvd1 osv7 nessus23 debiancve1 redhatcve1 openvas11 oraclelinux2 ubuntucve1 vulnrichment1 mageia1 cbl_mariner1 cve1 redhat2 rocky2 ubuntu2 almalinux1 redos1 amazon1 photon3 debian1