Lucene search

K

XENCVELIST:CVE-2022-42321

HistoryNov 01, 2022 - 12:00 a.m.

CVE-2022-42321

2022-11-0100:00:00

XEN

www.cve.org

2

xenstore

stack exhaustion

vulnerability

AI Score

7.5

Confidence

High

EPSS

0

Percentile

14.2%

Xenstore: Guests can crash xenstored via exhausting the stack Xenstored is using recursion for some Xenstore operations (e.g. for deleting a sub-tree of Xenstore nodes). With sufficiently deep nesting levels this can result in stack exhaustion on xenstored, leading to a crash of xenstored.

CNA Affected

[
  {
    "vendor": "Xen",
    "product": "xen",
    "versions": [
      {
        "version": "consult Xen advisory XSA-418",
        "status": "unknown"
      }
    ]
  }
]

References

www.openwall.com/lists/oss-security/2022/11/01/8

xenbits.xen.org/xsa/advisory-418.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTMITQBGC23MSDHUCAPCVGLMVXIBXQTQ/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZVXG7OOOXCX6VIPEMLFDPIPUTFAYWPE/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLI2NPNEH7CNJO3VZGQNOI4M4EWLNKPZ/

security.gentoo.org/glsa/202402-07

www.debian.org/security/2022/dsa-5272

xenbits.xenproject.org/xsa/advisory-418.txt

AI Score

7.5

Confidence

High

EPSS

0

Percentile

14.2%

Related for CVELIST:CVE-2022-42321

nvd1 osv2 debiancve1 ubuntucve1 veracode1 prion1 xen1 cve1 nessus15 openvas12 fedora3 debian1 gentoo1