CVE-2010-0428

EPSS 0.05%
Veröffentlicht 24.08.2010 18:00:01
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

libspice, as used in QEMU-KVM in the Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2 and qspice 0.3.0, does not properly validate guest QXL driver pointers, which allows guest OS users to cause a denial of service (invalid pointer dereference and guest OS crash) or possibly gain privileges via unspecified vectors.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Redhat ≫ Enterprise Virtualization Version2.2

Redhat ≫ Qspice Version0.3.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.128

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.6	2.7	10	AV:L/AC:M/Au:S/C:C/I:C/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://bugzilla.redhat.com/show_bug.cgi?id=568699

Vendor Advisory

https://rhn.redhat.com/errata/RHSA-2010-0622.html

Patch

Vendor Advisory

https://rhn.redhat.com/errata/RHSA-2010-0633.html

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2010-0428

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2010-0428

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2010-0428

EUVD