Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2014-3633

Опубликовано: 06 окт. 2014
Источник: nvd
CVSS2: 5.8
EPSS Низкий

Описание

The qemuDomainGetBlockIoTune function in qemu/qemu_driver.c in libvirt before 1.2.9, when a disk has been hot-plugged or removed from the live image, allows remote attackers to cause a denial of service (crash) or read sensitive heap information via a crafted blkiotune query, which triggers an out-of-bounds read.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:canonical:ubuntu_linux:10.04:*:lts:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:lts:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
Конфигурация 2

Одно из

cpe:2.3:a:libvirt:libvirt:*:*:*:*:*:*:*:*
Версия до 1.2.8 (включая)
cpe:2.3:a:libvirt:libvirt:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:libvirt:libvirt:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:libvirt:libvirt:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:libvirt:libvirt:1.2.3:*:*:*:*:*:*:*
cpe:2.3:a:libvirt:libvirt:1.2.4:*:*:*:*:*:*:*
cpe:2.3:a:libvirt:libvirt:1.2.5:*:*:*:*:*:*:*
cpe:2.3:a:libvirt:libvirt:1.2.6:*:*:*:*:*:*:*
cpe:2.3:a:libvirt:libvirt:1.2.7:*:*:*:*:*:*:*

EPSS

Процентиль: 87%
0.03629
Низкий

5.8 Medium

CVSS2

Дефекты

CWE-119

Связанные уязвимости

ubuntu логотип

CVE-2014-3633

ubuntu
почти 11 лет назад

The qemuDomainGetBlockIoTune function in qemu/qemu_driver.c in libvirt before 1.2.9, when a disk has been hot-plugged or removed from the live image, allows remote attackers to cause a denial of service (crash) or read sensitive heap information via a crafted blkiotune query, which triggers an out-of-bounds read.

redhat логотип

CVE-2014-3633

redhat
почти 11 лет назад

The qemuDomainGetBlockIoTune function in qemu/qemu_driver.c in libvirt before 1.2.9, when a disk has been hot-plugged or removed from the live image, allows remote attackers to cause a denial of service (crash) or read sensitive heap information via a crafted blkiotune query, which triggers an out-of-bounds read.

debian логотип

CVE-2014-3633

debian
почти 11 лет назад

The qemuDomainGetBlockIoTune function in qemu/qemu_driver.c in libvirt ...

github логотип

GHSA-gq49-7wvq-p22q

github
больше 3 лет назад

The qemuDomainGetBlockIoTune function in qemu/qemu_driver.c in libvirt before 1.2.9, when a disk has been hot-plugged or removed from the live image, allows remote attackers to cause a denial of service (crash) or read sensitive heap information via a crafted blkiotune query, which triggers an out-of-bounds read.

oracle-oval логотип

ELSA-2014-1352

oracle-oval
почти 11 лет назад

ELSA-2014-1352: libvirt security and bug fix update (MODERATE)

EPSS

Процентиль: 87%
0.03629
Низкий

5.8 Medium

CVSS2

Дефекты

CWE-119