Showing 1 - 3 of 3

CVE-2024-2494

Status Candidate

Overview

A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length check is performed by the C API entry points. Passing a negative length to the g_new0 function results in a crash due to the negative length being treated as a huge positive number. This flaw allows a local, unprivileged user to perform a denial of service attack by causing the libvirt daemon to crash.

Related Files

Red Hat Security Advisory 2024-3253-03: Posted May 23, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-3253-03 - An update for the virt:rhel and virt-devel:rhel modules is now available for Red Hat Enterprise Linux 8.; tags | advisory; systems | linux, redhat; advisories | CVE-2024-2494; SHA-256 | 38a2a5b173ba7eada0726c5a94f281ec04fe22571ae7d5decf1b90b21f3c12b0; Download | Favorite | View

Ubuntu Security Notice USN-6734-2: Posted Apr 29, 2024; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6734-2 - USN-6734-1 fixed vulnerabilities in libvirt. This update provides the corresponding updates for Ubuntu 24.04 LTS. Alexander Kuznetsov discovered that libvirt incorrectly handled certain API calls. An attacker could possibly use this issue to cause libvirt to crash, resulting in a denial of service. It was discovered that libvirt incorrectly handled certain RPC library API calls. An attacker could possibly use this issue to cause libvirt to crash, resulting in a denial of service.; tags | advisory, denial of service, vulnerability; systems | linux, ubuntu; advisories | CVE-2024-1441, CVE-2024-2494; SHA-256 | de9bb025a2d32f7b6bc492105033df1d20ac65f5466d9541f8a4b62ce26e46e5; Download | Favorite | View

Ubuntu Security Notice USN-6734-1: Posted Apr 16, 2024; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6734-1 - Alexander Kuznetsov discovered that libvirt incorrectly handled certain API calls. An attacker could possibly use this issue to cause libvirt to crash, resulting in a denial of service. It was discovered that libvirt incorrectly handled certain RPC library API calls. An attacker could possibly use this issue to cause libvirt to crash, resulting in a denial of service. It was discovered that libvirt incorrectly handled detaching certain host interfaces. An attacker could possibly use this issue to cause libvirt to crash, resulting in a denial of service.; tags | advisory, denial of service; systems | linux, ubuntu; advisories | CVE-2024-1441, CVE-2024-2494, CVE-2024-2496; SHA-256 | a88afa3df653eb731bbf80eb700a1b7f14ed5a300bee125d81dbf9af2465df19; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 227 files
indoushka 136 files
Jay Turla 107 files
Ubuntu 64 files
Gentoo 33 files
Debian 27 files
h00die 23 files
sinn3r 22 files
Pedro Ribeiro 21 files
juan vazquez 16 files

File Archives

Systems

AIX (429)
Apple (2,104)
BSD (377)
CentOS (58)
Cisco (1,944)
Debian (7,112)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,567)
HPUX (880)
iOS (386)
iPhone (108)
IRIX (220)
Juniper (70)
Linux (50,966)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,661)
Slackware (941)
Solaris (1,614)
SUSE (1,444)
Ubuntu (9,788)
UNIX (9,443)
UnixWare (187)
Windows (6,731)
Other

CVE-2024-2494

Overview

Related Files

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems