Lucene search

Veracode Vulnerability DatabaseVERACODE:28873

HistoryDec 31, 2020 - 5:03 p.m.

Denial Of Service (DoS)

2020-12-3117:03:03

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

6 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

4.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

JSON

xen is vulnerable to denial of service (DoS). The vulnerability exists through a NULL pointer dereference causing a crash in xenstored.

CPENameOperatorVersion
xen:3.12eq4.13.1-r0
xen:3.11eq4.13.1-r0
xen:3.11eq4.13.0-r1
xen:3.11eq4.13.0-r0
xen:edgeeq4.13.0-r3
xen:edgeeq4.13.0-r4
xen:edgeeq4.13.0-r2

Name	Operator	Version
xen:3.12	eq	4.13.1-r0
xen:3.11	eq	4.13.1-r0
xen:3.11	eq	4.13.0-r1
xen:3.11	eq	4.13.0-r0
xen:edge	eq	4.13.0-r3
xen:edge	eq	4.13.0-r4
xen:edge	eq	4.13.0-r2

References

lists.fedoraproject.org/archives/list/[email protected]/message/2C6M6S3CIMEBACH6O7V4H2VDANMO6TVA/

lists.fedoraproject.org/archives/list/[email protected]/message/OBLV6L6Q24PPQ2CRFXDX4Q76KU776GKI/

secdb.alpinelinux.org/v3.12/main.yaml

www.debian.org/security/2020/dsa-4812

xenbits.xenproject.org/xsa/advisory-324.txt

6 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

4.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

JSON

Related for VERACODE:28873