Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2020-12430

Опубликовано: 28 апр. 2020
Источник: debian
EPSS Низкий

Описание

An issue was discovered in qemuDomainGetStatsIOThread in qemu/qemu_driver.c in libvirt 4.10.0 though 6.x before 6.1.0. A memory leak was found in the virDomainListGetStats libvirt API that is responsible for retrieving domain statistics when managing QEMU guests. This flaw allows unprivileged users with a read-only connection to cause a memory leak in the domstats command, resulting in a potential denial of service.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
libvirtfixed6.2.0-1experimentalpackage
libvirtfixed6.4.0-2package
libvirtnot-affectedstretchpackage
libvirtnot-affectedjessiepackage

Примечания

  • Fixed by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=9bf9e0ae6af38c806f4672ca7b12a6b38d5a9581 (v6.1.0-rc1)

  • Introduced in: https://libvirt.org/git/?p=libvirt.git;a=commit;h=d1eac92784573559b6fd56836e33b215c89308e3 (v4.10.0-rc1)

  • https://bugzilla.redhat.com/show_bug.cgi?id=1804548

  • https://bugzilla.redhat.com/show_bug.cgi?id=1828190

EPSS

Процентиль: 76%
0.00947
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2020-12430

CVSS3: 6.5
ubuntu
почти 6 лет назад

An issue was discovered in qemuDomainGetStatsIOThread in qemu/qemu_driver.c in libvirt 4.10.0 though 6.x before 6.1.0. A memory leak was found in the virDomainListGetStats libvirt API that is responsible for retrieving domain statistics when managing QEMU guests. This flaw allows unprivileged users with a read-only connection to cause a memory leak in the domstats command, resulting in a potential denial of service.

redhat логотип

CVE-2020-12430

CVSS3: 6.5
redhat
почти 6 лет назад

An issue was discovered in qemuDomainGetStatsIOThread in qemu/qemu_driver.c in libvirt 4.10.0 though 6.x before 6.1.0. A memory leak was found in the virDomainListGetStats libvirt API that is responsible for retrieving domain statistics when managing QEMU guests. This flaw allows unprivileged users with a read-only connection to cause a memory leak in the domstats command, resulting in a potential denial of service.

nvd логотип

CVE-2020-12430

CVSS3: 6.5
nvd
почти 6 лет назад

An issue was discovered in qemuDomainGetStatsIOThread in qemu/qemu_driver.c in libvirt 4.10.0 though 6.x before 6.1.0. A memory leak was found in the virDomainListGetStats libvirt API that is responsible for retrieving domain statistics when managing QEMU guests. This flaw allows unprivileged users with a read-only connection to cause a memory leak in the domstats command, resulting in a potential denial of service.

github логотип

GHSA-mm94-82mx-j73h

CVSS3: 6.5
github
больше 3 лет назад

An issue was discovered in qemuDomainGetStatsIOThread in qemu/qemu_driver.c in libvirt 4.10.0 though 6.x before 6.1.0. A memory leak was found in the virDomainListGetStats libvirt API that is responsible for retrieving domain statistics when managing QEMU guests. This flaw allows unprivileged users with a read-only connection to cause a memory leak in the domstats command, resulting in a potential denial of service.

oracle-oval логотип

ELSA-2020-5720

oracle-oval
больше 5 лет назад

ELSA-2020-5720: libvirt security update (IMPORTANT)

EPSS

Процентиль: 76%
0.00947
Низкий