Lucene search

Veracode Vulnerability DatabaseVERACODE:7297

HistoryAug 14, 2018 - 10:17 a.m.

Denial Of Service (DoS)

2018-08-1410:17:03

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

5.2 Medium

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:S/C:P/I:P/A:P

JSON

libvirt.so is vulnerable to denial of service (DoS) attacks. The library does not properly initialize a nodemap, leading to an invalid free that can crash the application or cause arbitrary code to be executed.

CPENameOperatorVersion
libvirt.soeq0.10.2

CPE	Name	Operator	Version
	libvirt.so	eq	0.10.2

References

libvirt.org/news.html

lists.opensuse.org/opensuse-updates/2014-02/msg00060.html

secunia.com/advisories/60895

security.gentoo.org/glsa/glsa-201412-04.xml

www.ubuntu.com/usn/USN-2093-1

bugzilla.redhat.com/show_bug.cgi?id=1048629

github.com/libvirt/libvirt/commit/f9ee91d35510ccbc6fc42cef8864b291b2d220f4

www.redhat.com/archives/libvir-list/2013-December/msg01176.html

www.redhat.com/archives/libvir-list/2013-December/msg01258.html

5.2 Medium

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:S/C:P/I:P/A:P

JSON

Related for VERACODE:7297