Denial Of Service (DoS)

2019-01-1509:20:04

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.001 Low

EPSS

Percentile

49.5%

JSON

vdsm is vulnerable to denial of service (DoS) attacks. The vulnerability exists as it was found that vdsm before version 4.20.37 invokes qemu-img on untrusted inputs without limiting resources. By uploading a specially crafted image, an attacker could cause the qemu-img process to consume unbounded amounts of memory of CPU time, causing a denial of service condition that could potentially impact other users of the host.

CPENameOperatorVersion
vdsmeq4.17.33__1.1.el7rhgs
vdsmeq4.17.43__1.el7ev
vdsmeq4.17.31__0.el7ev
vdsmeq4.14.17__1.el7
vdsmeq4.19.43__3.el7ev
vdsmeq4.19.28__1.el7ev
vdsmeq4.14.13__2.el7ev
vdsmeq4.17.39__1.el7ev
vdsmeq4.19.15__1.el7ev
vdsmeq4.20.35__1.el7ev

Name	Operator	Version
vdsm	eq	4.17.33__1.1.el7rhgs
vdsm	eq	4.17.43__1.el7ev
vdsm	eq	4.17.31__0.el7ev
vdsm	eq	4.14.17__1.el7
vdsm	eq	4.19.43__3.el7ev
vdsm	eq	4.19.28__1.el7ev
vdsm	eq	4.14.13__2.el7ev
vdsm	eq	4.17.39__1.el7ev
vdsm	eq	4.19.15__1.el7ev
vdsm	eq	4.20.35__1.el7ev