PT-2019-2029 · Qemu+5 · Libvirt+5

Publicado

2019-02-01

Atualizado

2019-08-30

CVE-2019-3840

CVSS v3.1

6.3

Média

Vetor

AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions libvirt versions prior to 5.0.0

Description A NULL pointer dereference flaw was discovered in the way libvirt gets interface information through the QEMU agent. This issue can be exploited by an attacker in a guest VM to crash libvirtd, causing a denial of service. The flaw is related to the virJSONValueObjectHasKey() function.

Recommendations For versions prior to 5.0.0, update to version 5.0.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the QEMU agent to minimize the risk of exploitation.

Exploit

Correção

DoS

NULL Pointer Dereference

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-476

Identificadores relacionados

ALT-PU-2019-1163

BDU:2019-01742

CESA-2019_2294

CVE-2019-3840

ELSA-2019-2294

MGASA-2019-0138

OPENSUSE-SU-2019:1288-1

OPENSUSE-SU-2019_1288-1

OPENSUSE-SU-2019_1294-1

RHSA-2019:2294

RHSA-2019_2294

SUSE-SU-2019:0553-1

SUSE-SU-2019:0936-1

SUSE-SU-2019:0948-1

SUSE-SU-2019:1042-1

SUSE-SU-2019_0553-1

SUSE-SU-2019_0936-1

SUSE-SU-2019_0948-1

SUSE-SU-2019_1042-1

USN-3909-1

Produtos afetados

Alt Linux

Centos

Red Hat

Suse

Ubuntu

Libvirt

PT-2019-2029 · Qemu+5 · Libvirt+5

CVE-2019-3840

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 72