CVE-2017-1000200

Published: 14 Jul 2017
Source: redhat
CVSS3: 5.5
EPSS: Low

Description

tcmu-runner version 1.0.5 to 1.2.0 is vulnerable to a dbus triggered NULL pointer dereference in the tcmu-runner daemon's on_unregister_handler() function resulting in denial of service

A NULL pointer dereference flaw was found in the UnregisterHandler method implemented in the tcmu-runner daemon. A local, non-root user with access to the D-Bus system bus could call the UnregisterHandler method with the name of a handler loaded internally in tcmu-runner via dlopen() to trigger DoS.

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Ceph Storage 2 | tcmu-runner | Affected | | |
| Red Hat Gluster Storage 3.3 for RHEL 7 | tcmu-runner | Fixed | RHSA-2017:3277 | 29.11.2017 |


Additional information

Status: Moderate
Defect: CWE-476
https://bugzilla.redhat.com/show_bug.cgi?id=1487251 - tcmu-runner: UnregisterHandler D-Bus method in tcmu-runner daemon for internal handler causes DoS

EPSS

Percentile: 58%
0.00367
Low

CVSS3: 5.5 Medium

Related vulnerabilities

CVSS3: 7.5
nvd
about 8 years ago

tcmu-runner version 1.0.5 to 1.2.0 is vulnerable to a dbus triggered NULL pointer dereference in the tcmu-runner daemon's on_unregister_handler() function resulting in denial of service

CVSS3: 7.5
github
more than 3 years ago

tcmu-runner version 1.0.5 to 1.2.0 is vulnerable to a dbus triggered NULL pointer dereference in the tcmu-runner daemon's on_unregister_handler() function resulting in denial of service
