14 lines
1.5 KiB
JSON
14 lines
1.5 KiB
JSON
{
|
|
"id": "openEuler-SA-2024-1391",
|
|
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1391",
|
|
"title": "An update for libvirt is now available for openEuler-20.03-LTS-SP1,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3",
|
|
"severity": "Medium",
|
|
"description": "Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux (and other OSes). The main package includes the libvirtd server exporting the virtualization support.\r\n\r\nSecurity Fix(es):\r\n\r\nAn off-by-one error flaw was found in the udevListInterfacesByStatus() function in libvirt when the number of interfaces exceeds the size of the `names` array. This issue can be reproduced by sending specially crafted data to the libvirt daemon, allowing an unprivileged client to perform a denial of service attack by causing the libvirt daemon to crash.(CVE-2024-1441)\r\n\r\nA flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length check is performed by the C API entry points. Passing a negative length to the g_new0 function results in a crash due to the negative length being treated as a huge positive number. This flaw allows a local, unprivileged user to perform a denial of service attack by causing the libvirt daemon to crash.(CVE-2024-2494)",
|
|
"cves": [
|
|
{
|
|
"id": "CVE-2024-2494",
|
|
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2494",
|
|
"severity": "Medium"
|
|
}
|
|
]
|
|
} |