Arbitrary Code Execution

2020-04-1000:56:38

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

JSON

xen is vulnerable to arbitrary code execution. It was found that the xc_try_bzip2_decode() and xc_try_lzma_decode() decode routines did not correctly check for a possible buffer size overflow in the decoding loop. As well, several integer overflow flaws and missing error/range checking were found that could lead to an infinite loop. A privileged guest user could use these flaws to crash the guest or, possibly, execute arbitrary code in the privileged management domain.

CPENameOperatorVersion
xeneq3.0.3__41.el5_1.5
xeneq3.0.3__64.el5_2.1
xeneq3.0.3__80.el5_3.3
xeneq3.0.3__105.el5_5.3
xeneq3.0.3__94.el5_4.2
xeneq3.0.3__25.0.3.el5
xeneq3.0.3__94.el5
xeneq3.0.3__105.el5_5.4
xeneq3.0.3__64.el5_2.3
xeneq3.0.3__80.el5_3.2

Name	Operator	Version
xen	eq	3.0.3__41.el5_1.5
xen	eq	3.0.3__64.el5_2.1
xen	eq	3.0.3__80.el5_3.3
xen	eq	3.0.3__105.el5_5.3
xen	eq	3.0.3__94.el5_4.2
xen	eq	3.0.3__25.0.3.el5
xen	eq	3.0.3__94.el5
xen	eq	3.0.3__105.el5_5.4
xen	eq	3.0.3__64.el5_2.3
xen	eq	3.0.3__80.el5_3.2