CVE

CVE-2014-3633
Date: (C)2014-10-06   (M)2023-12-22


The qemuDomainGetBlockIoTune function in qemu/qemu_driver.c in libvirt before 1.2.9, when a disk has been hot-plugged or removed from the live image, allows remote attackers to cause a denial of service (crash) or read sensitive heap information via a crafted blkiotune query, which triggers an out-of-bounds read.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 5.8
Exploit Score: 8.6
Impact Score: 4.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: PARTIAL
  
Reference:
SECUNIA-60291
SECUNIA-60895
DSA-3038
GLSA-201412-04
RHSA-2014:1352
USN-2366-1
http://libvirt.org/git/?p=libvirt.git%3Ba=commitdiff%3Bh=3e745e8f775dfe6f64f18b5c2fe4791b35d3546b
http://security.libvirt.org/2014/0004.html
openSUSE-SU-2014:1290
openSUSE-SU-2014:1293

CWE    1
CWE-119
OVAL    11
oval:org.secpod.oval:def:1500747
oval:org.secpod.oval:def:1500805
oval:org.secpod.oval:def:203450
oval:org.secpod.oval:def:702234
...

© SecPod Technologies