Libvirt : Security Vulnerabilities, CVEs, (Overflow)
The qemuDomainGetBlockIoTune function in qemu/qemu_driver.c in libvirt before 1.2.9, when a disk has been hot-plugged or removed from the live image, allows remote attackers to cause a denial of service (crash) or read sensitive heap information via a crafted blkiotune query, which triggers an out-of-bounds read.
Max CVSS
5.8
EPSS Score
3.88%
Published
2014-10-06
Updated
2023-02-13
Buffer overflow in the proxyReadClientSocket function in proxy/libvirt_proxy.c in libvirt_proxy 0.5.1 might allow local users to gain privileges by sending a portion of the header of a virProxyPacket packet, and then sending the remainder of the packet with crafted values in the header, related to use of uninitialized memory in a validation check.
Max CVSS
4.4
EPSS Score
0.04%
Published
2009-02-11
Updated
2023-02-13
2 vulnerabilities found