CVE-2018-15470

EPSS 0.18%
Veröffentlicht 17.08.2018 18:29:00
Zuletzt bearbeitet 21.11.2024 03:50:52
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

An issue was discovered in Xen through 4.11.x. The logic in oxenstored for handling writes depended on the order of evaluation of expressions making up a tuple. As indicated in section 7.7.3 "Operations on data structures" of the OCaml manual, the order of evaluation of subexpressions is not specified. In practice, different implementations behave differently. Thus, oxenstored may not enforce the configured quota-maxentity. This allows a malicious or buggy guest to write as many xenstore entries as it wishes, causing unbounded memory usage in oxenstored. This can lead to a system-wide DoS.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Xen ≫ Xen Version <= 4.11.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.18%	0.402

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2	4	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
nvd@nist.gov	4.9	3.9	6.9	AV:L/AC:L/Au:N/C:N/I:N/A:C

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

https://security.gentoo.org/glsa/201810-06

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2018/11/msg00013.html

http://xenbits.xen.org/xsa/advisory-272.html

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-15470

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-15470

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-15470

EUVD