Denial Of Service (DoS)

2020-08-1808:22:08

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

5.7 Medium

CVSS3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

2.7 Low

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:A/AC:L/Au:S/C:N/I:N/A:P

JSON

libvirt.so is vulnerable to denial of service (DoS). qemu/qemu_driver.c mishandles the holding of a monitor job during a query to a guest agent, which allows attackers to cause a denial of service (API blockage).

CPENameOperatorVersion
libvirt:3.10eq5.5.0-r0
libvirt:3.10eq5.5.0-r1
libvirt:3.9eq5.5.0-r1
libvirt:3.11eq5.9.0-r1
libvirteq1.2.17__13.el7_2.2
libvirteq3.9.0__14.el7_5.8
libvirteq4.5.0__10.el7
libvirteq1.2.8__16.el7_1.2
libvirteq1.2.8__16.ael7b_1.2
libvirteq2.0.0__10.el7_3.9

Name	Operator	Version
libvirt:3.10	eq	5.5.0-r0
libvirt:3.10	eq	5.5.0-r1
libvirt:3.9	eq	5.5.0-r1
libvirt:3.11	eq	5.9.0-r1
libvirt	eq	1.2.17__13.el7_2.2
libvirt	eq	3.9.0__14.el7_5.8
libvirt	eq	4.5.0__10.el7
libvirt	eq	1.2.8__16.el7_1.2
libvirt	eq	1.2.8__16.ael7b_1.2
libvirt	eq	2.0.0__10.el7_3.9