Lucene search

Veracode Vulnerability DatabaseVERACODE:45858

HistoryMar 14, 2024 - 6:36 a.m.

Off-by-one Error

2024-03-1406:36:18

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

libvirt daemon

denial of service

miscalculation

unprivileged attacker

vulnerability

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.9 Medium

AI Score

Confidence

High

1.7 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:S/C:N/I:N/A:P

0.0004 Low

EPSS

Percentile

9.7%

JSON

libvirt.so is vulnerable to Off-by-one Error. The vulnerability is due to a miscalculation in the udevListInterfacesByStatus function when the number of interfaces exceeds the size of the names array. This issue can be exploited by sending specially crafted data to the libvirt daemon, enabling an unprivileged attacker to conduct a denial of service by crashing the daemon.

CPENameOperatorVersion
libvirt.sole0.10000.0
libvirt.sole0.10000.0

CPE	Name	Operator	Version
	libvirt.so	le	0.10000.0
	libvirt.so	le	0.10000.0

References

access.redhat.com/errata/RHSA-2024:2560

access.redhat.com/security/cve/CVE-2024-1441

bugzilla.redhat.com/show_bug.cgi?id=2263841

bugzilla.suse.com/show_bug.cgi?id=1221237

github.com/libvirt/libvirt/commit/c664015fe3a7bf59db26686e9ed69af011c6ebb8

lists.debian.org/debian-lts-announce/2024/04/msg00000.html

lists.fedoraproject.org/archives/list/[email protected]/message/45FFKU3LODT345LAB5T4XZA5WKYMXJYU/

lists.fedoraproject.org/archives/list/[email protected]/message/E6MVZO5GXDB7RHY6MS3ZXES3HPK34P3A/

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.9 Medium

AI Score

Confidence

High

1.7 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:S/C:N/I:N/A:P

0.0004 Low

EPSS

Percentile

9.7%

JSON

Related for VERACODE:45858