Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2014-3633

Опубликовано: 06 окт. 2014
Источник: debian
EPSS Низкий

Описание

The qemuDomainGetBlockIoTune function in qemu/qemu_driver.c in libvirt before 1.2.9, when a disk has been hot-plugged or removed from the live image, allows remote attackers to cause a denial of service (crash) or read sensitive heap information via a crafted blkiotune query, which triggers an out-of-bounds read.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
libvirtfixed1.2.8-2package
libvirtnot-affectedsqueezepackage

Примечания

  • Upstream fix: http://libvirt.org/git/?p=libvirt.git;a=commit;h=3e745e8f775dfe6f64f18b5c2fe4791b35d3546b

  • Introduced in http://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=eca96694a7f992be633d48d5ca03cedc9bbc3c9a (v0.9.8)

  • Upstream advisory: http://security.libvirt.org/2014/0004.html

EPSS

Процентиль: 87%
0.03629
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2014-3633

ubuntu
почти 11 лет назад

The qemuDomainGetBlockIoTune function in qemu/qemu_driver.c in libvirt before 1.2.9, when a disk has been hot-plugged or removed from the live image, allows remote attackers to cause a denial of service (crash) or read sensitive heap information via a crafted blkiotune query, which triggers an out-of-bounds read.

redhat логотип

CVE-2014-3633

redhat
почти 11 лет назад

The qemuDomainGetBlockIoTune function in qemu/qemu_driver.c in libvirt before 1.2.9, when a disk has been hot-plugged or removed from the live image, allows remote attackers to cause a denial of service (crash) or read sensitive heap information via a crafted blkiotune query, which triggers an out-of-bounds read.

nvd логотип

CVE-2014-3633

nvd
почти 11 лет назад

The qemuDomainGetBlockIoTune function in qemu/qemu_driver.c in libvirt before 1.2.9, when a disk has been hot-plugged or removed from the live image, allows remote attackers to cause a denial of service (crash) or read sensitive heap information via a crafted blkiotune query, which triggers an out-of-bounds read.

github логотип

GHSA-gq49-7wvq-p22q

github
больше 3 лет назад

The qemuDomainGetBlockIoTune function in qemu/qemu_driver.c in libvirt before 1.2.9, when a disk has been hot-plugged or removed from the live image, allows remote attackers to cause a denial of service (crash) or read sensitive heap information via a crafted blkiotune query, which triggers an out-of-bounds read.

oracle-oval логотип

ELSA-2014-1352

oracle-oval
почти 11 лет назад

ELSA-2014-1352: libvirt security and bug fix update (MODERATE)

EPSS

Процентиль: 87%
0.03629
Низкий