Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:45210
HistoryJan 30, 2024 - 5:14 p.m.

NULL Pointer Dereference

2024-01-3017:14:19
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
13
null pointer dereference
xen
virtual network
vulnerability

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.5

Confidence

Low

EPSS

0.001

Percentile

18.8%

Xen is vulnerable to NULL Pointer Dereference. The vulnerability is caused by transmit requests in Xen’s virtual network protocol consisting of multiple parts, where any of them, except for the initial part, may be of zero length, leading to a NULL dereference.

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.5

Confidence

Low

EPSS

0.001

Percentile

18.8%