5

CVE-2014-3657

The virDomainListPopulate function in conf/domain_conf.c in libvirt before 1.2.9 does not clean up the lock on the list of domains, which allows remote attackers to cause a denial of service (deadlock) via a NULL value in the second parameter in the virConnectListAllDomains API command.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LibvirtLibvirt Version <= 1.2.8
LibvirtLibvirt Version1.2.0
LibvirtLibvirt Version1.2.1
LibvirtLibvirt Version1.2.2
LibvirtLibvirt Version1.2.3
LibvirtLibvirt Version1.2.4
LibvirtLibvirt Version1.2.5
LibvirtLibvirt Version1.2.6
LibvirtLibvirt Version1.2.7
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.79% 0.846
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://lists.opensuse.org/opensuse-updates/2014-10/msg00014.html
http://lists.opensuse.org/opensuse-updates/2014-10/msg00017.html
http://rhn.redhat.com/errata/RHSA-2014-1352.html
http://secunia.com/advisories/60291
http://libvirt.org/git/?p=libvirt.git%3Ba=commitdiff%3Bh=fc22b2e74890873848b43fffae43025d22053669
http://secunia.com/advisories/62303
http://security.libvirt.org/2014/0005.html
Vendor Advisory
http://www.ubuntu.com/usn/USN-2404-1