Veracode Vulnerability DatabaseVERACODE:46149NULL Pointer Dereference
5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
6.5 Medium
AI Score
Confidence
High
1.5 Low
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:M/Au:S/C:N/I:N/A:P
0.0004 Low
EPSS
Percentile
14.5%
Libvirt is vulnerable to NULL pointer dereference. The vulnerability is caused by a race condition due to the simultaneous detachment of a host interface while collecting the list of interfaces using the virConnectListAllInterfaces API. This race condition leads to a situation where the path variable can become NULL while still being accessed, resulting in Denial of Service (DoS).
| CPE | Name | Operator | Version |
|---|---|---|---|
| libvirt.so | le | 0.9008.0.debug | |
| libvirt.so | le | 0.9008.0.debug |
References
Related
5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
6.5 Medium
AI Score
Confidence
High
1.5 Low
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:M/Au:S/C:N/I:N/A:P
0.0004 Low
EPSS
Percentile
14.5%