Описание
A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length check is performed by the C API entry points. Passing a negative length to the g_new0 function results in a crash due to the negative length being treated as a huge positive number. This flaw allows a local, unprivileged user to perform a denial of service attack by causing the libvirt daemon to crash.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 10.0.0-2ubuntu8.1 |
| esm-infra-legacy/trusty | needs-triage | |
| esm-infra/bionic | needs-triage | |
| esm-infra/focal | not-affected | 6.0.0-0ubuntu8.19 |
| esm-infra/xenial | needs-triage | |
| focal | released | 6.0.0-0ubuntu8.19 |
| jammy | released | 8.0.0-1ubuntu7.10 |
| mantic | released | 9.6.0-1ubuntu1.1 |
| noble | released | 10.0.0-2ubuntu8.1 |
| oracular | released | 10.0.0-2ubuntu8.1 |
Показывать по
EPSS
6.2 Medium
CVSS3
Связанные уязвимости
A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length check is performed by the C API entry points. Passing a negative length to the g_new0 function results in a crash due to the negative length being treated as a huge positive number. This flaw allows a local, unprivileged user to perform a denial of service attack by causing the libvirt daemon to crash.
A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length check is performed by the C API entry points. Passing a negative length to the g_new0 function results in a crash due to the negative length being treated as a huge positive number. This flaw allows a local, unprivileged user to perform a denial of service attack by causing the libvirt daemon to crash.
A flaw was found in the RPC library APIs of libvirt. The RPC server de ...
EPSS
6.2 Medium
CVSS3