
exploitDog


CVE-2014-3657

Published: 01 Oct 2014
Source: redhat
CVSS2: 3.3
EPSS: Low

Description

The virDomainListPopulate function in conf/domain_conf.c in libvirt before 1.2.9 does not clean up the lock on the list of domains, which allows remote attackers to cause a denial of service (deadlock) via a NULL value in the second parameter in the virConnectListAllDomains API command.

A denial of service flaw was found in the way libvirt's virConnectListAllDomains() function computed the number of used domains. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to make any domain operations within libvirt unresponsive.

Report

This issue does not affect the versions of libvirt packages as shipped with Red Hat Enterprise Linux 5. This issue does affect the versions of libvirt packages as shipped with Red Hat Enterprise Linux 6 and 7. Future updates may address this issue in the respective Red Hat Enterprise Linux releases.

Affected packages

| Platform | Package | State | Advisory | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux 5 | libvirt | Not affected | | |
| Red Hat Storage 2.1 | libvirt | Will not fix | | |
| Red Hat Enterprise Linux 6 | libvirt | Fixed | RHSA-2014:1873 | 18.11.2014 |
| Red Hat Enterprise Linux 7 | libvirt | Fixed | RHSA-2014:1352 | 01.10.2014 |


Additional information

Status: Moderate
Defect: CWE-20
https://bugzilla.redhat.com/show_bug.cgi?id=1145667 (libvirt: domain_conf: domain deadlock DoS)

EPSS: 0.01497 (Low), percentile: 80%

CVSS2: 3.3 Low

Related vulnerabilities

ubuntu
almost 11 years ago

The virDomainListPopulate function in conf/domain_conf.c in libvirt before 1.2.9 does not clean up the lock on the list of domains, which allows remote attackers to cause a denial of service (deadlock) via a NULL value in the second parameter in the virConnectListAllDomains API command.

nvd
almost 11 years ago

The virDomainListPopulate function in conf/domain_conf.c in libvirt before 1.2.9 does not clean up the lock on the list of domains, which allows remote attackers to cause a denial of service (deadlock) via a NULL value in the second parameter in the virConnectListAllDomains API command.

debian
almost 11 years ago

The virDomainListPopulate function in conf/domain_conf.c in libvirt be ...

github
more than 3 years ago

The virDomainListPopulate function in conf/domain_conf.c in libvirt before 1.2.9 does not clean up the lock on the list of domains, which allows remote attackers to cause a denial of service (deadlock) via a NULL value in the second parameter in the virConnectListAllDomains API command.

oracle-oval
almost 11 years ago

ELSA-2014-1352: libvirt security and bug fix update (MODERATE)
