CVE-2024-8235

Published: 29 Aug 2024
Source: redhat
CVSS3: 6.2
EPSS: Low

Description

A flaw was found in libvirt. A refactor of the code fetching the list of interfaces for multiple APIs introduced a corner case on platforms where allocating 0 bytes of memory results in a NULL pointer. This corner case would lead to a NULL-pointer dereference and subsequent crash of virtinterfaced. This issue could allow clients connecting to the read-only socket to crash the virtinterfaced daemon.

Report

This bug was introduced in libvirt-10.4.0. All versions of libvirt as shipped in Red Hat Enterprise Linux prior to RHEL-9.5 are unaffected by this CVE.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | libvirt | Affected | | |
| Red Hat Enterprise Linux 6 | libvirt | Not affected | | |
| Red Hat Enterprise Linux 7 | libvirt | Not affected | | |
| Red Hat Enterprise Linux 8 | virt:rhel/libvirt | Not affected | | |
| Red Hat Enterprise Linux 8 Advanced Virtualization | virt:av/libvirt | Not affected | | |
| Red Hat Enterprise Linux 9 | libvirt | Fixed | RHSA-2024:9128 | 12.11.2024 |

Additional information

Status: Moderate
Defect: CWE-476
https://bugzilla.redhat.com/show_bug.cgi?id=2308680 (libvirt: Crash of virtinterfaced via virConnectListInterfaces())

EPSS: 0.00072 (Low), percentile: 22%

CVSS3: 6.2 Medium

Related vulnerabilities

CVSS3: 6.2
ubuntu
about 1 year ago

A flaw was found in libvirt. A refactor of the code fetching the list of interfaces for multiple APIs introduced a corner case on platforms where allocating 0 bytes of memory results in a NULL pointer. This corner case would lead to a NULL-pointer dereference and subsequent crash of virtinterfaced. This issue could allow clients connecting to the read-only socket to crash the virtinterfaced daemon.

CVSS3: 6.2
nvd
about 1 year ago

A flaw was found in libvirt. A refactor of the code fetching the list of interfaces for multiple APIs introduced a corner case on platforms where allocating 0 bytes of memory results in a NULL pointer. This corner case would lead to a NULL-pointer dereference and subsequent crash of virtinterfaced. This issue could allow clients connecting to the read-only socket to crash the virtinterfaced daemon.

CVSS3: 6.2
debian
about 1 year ago

A flaw was found in libvirt. A refactor of the code fetching the list ...

CVSS3: 6.2
redos
about 1 year ago

libvirt vulnerability

rocky
8 months ago

Moderate: libvirt security update
