exploitDog

CVE-2020-27173

Опубликовано: 16 окт. 2020

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

In vm-superio before 0.1.1, the serial console FIFO can grow to unlimited memory usage when data is sent to the input source (i.e., standard input). This behavior cannot be reproduced from the guest side. When no rate limiting is in place, the host can be subject to memory pressure, impacting all other VMs running on the same host.

Ссылки

https://github.com/rust-vmm/vm-superio/issues/17
Third Party Advisory
https://github.com/rust-vmm/vm-superio/pull/19
Patch
Third Party Advisory
https://github.com/rust-vmm/vm-superio/issues/17
Third Party Advisory
https://github.com/rust-vmm/vm-superio/pull/19
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:vm-superio_project:vm-superio:*:*:*:*:*:*:*:*

Версия до 0.1.1 (исключая)

EPSS

Процентиль: 56%

0.00334

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-770

Связанные уязвимости

GHSA-9hcc-hc53-34f7

github

больше 3 лет назад

In vm-superio before 0.1.1, the serial console FIFO can grow to unlimited memory usage when data is sent to the input source (i.e., standard input). This behavior cannot be reproduced from the guest side. When no rate limiting is in place, the host can be subject to memory pressure, impacting all other VMs running on the same host.

EPSS

Процентиль: 56%

0.00334

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-770