Vulnerability Details : CVE-2024-1441

An off-by-one error flaw was found in the udevListInterfacesByStatus() function in libvirt when the number of interfaces exceeds the size of the `names` array. This issue can be reproduced by sending specially crafted data to the libvirt daemon, allowing an unprivileged client to perform a denial of service attack by causing the libvirt daemon to crash.
Published 2024-03-11 14:15:07
Updated 2025-04-11 22:15:29
Source Red Hat, Inc.
View at NVD,   CVE.org
Vulnerability category: Denial of service

Products affected by CVE-2024-1441

Please log in to view affected product information.

Exploit prediction scoring system (EPSS) score for CVE-2024-1441

EPSS FAQ
0.05%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 15 %
Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2024-1441

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
5.5
 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1.8
3.6
 Red Hat, Inc. 2024-03-11

CWE ids for CVE-2024-1441

  • A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.
    Assigned by: secalert@redhat.com (Secondary)

References for CVE-2024-1441

Jump to
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close