4.7
CVE-2010-3851
- EPSS 0.09%
- Published 04.11.2010 18:00:02
- Last modified 11.04.2025 00:51:21
- Source secalert@redhat.com
- Teams watchlist Login
- Open Login
libguestfs before 1.5.23, as used in virt-v2v, virt-inspector 1.5.3 and earlier, and possibly other products, when a raw-format disk image is used, allows local guest OS administrators to read files from the host via a crafted (1) qcow2, (2) VMDK, or (3) VDI header, related to lack of support for a disk format specifier.
Data is provided by the National Vulnerability Database (NVD)
Libguestfs ≫ Libguestfs Version <= 1.5.22
Libguestfs ≫ Libguestfs Version1.5.0
Libguestfs ≫ Libguestfs Version1.5.1
Libguestfs ≫ Libguestfs Version1.5.2
Libguestfs ≫ Libguestfs Version1.5.3
Libguestfs ≫ Libguestfs Version1.5.4
Libguestfs ≫ Libguestfs Version1.5.5
Libguestfs ≫ Libguestfs Version1.5.6
Libguestfs ≫ Libguestfs Version1.5.7
Libguestfs ≫ Libguestfs Version1.5.8
Libguestfs ≫ Libguestfs Version1.5.9
Libguestfs ≫ Libguestfs Version1.5.10
Libguestfs ≫ Libguestfs Version1.5.11
Libguestfs ≫ Libguestfs Version1.5.12
Libguestfs ≫ Libguestfs Version1.5.13
Libguestfs ≫ Libguestfs Version1.5.14
Libguestfs ≫ Libguestfs Version1.5.15
Libguestfs ≫ Libguestfs Version1.5.16
Libguestfs ≫ Libguestfs Version1.5.17
Libguestfs ≫ Libguestfs Version1.5.18
Libguestfs ≫ Libguestfs Version1.5.19
Libguestfs ≫ Libguestfs Version1.5.20
Libguestfs ≫ Libguestfs Version1.5.21
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.09% | 0.262 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 4.7 | 3.4 | 6.9 |
AV:L/AC:M/Au:N/C:C/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.