Back to search
CVE-2019-3840
Published: Mar 27, 2019
Modified: Aug 4, 2024
PUBLISHED
CVSS v3.0
5.8
MEDIUM
Description
A NULL pointer dereference flaw was discovered in libvirt before version 5.0.0 in the way it gets interface information through the QEMU agent. An attacker in a guest VM can use this flaw to crash libvirtd and cause a denial of service.
| Vendor | Product | Versions |
|---|---|---|
The libvirt Project | libvirt | affected 5.0.0 |
Weaknesses (CWE)
CVSS v3.0 Details
CVSS v3.0 Vector
CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
None
Integrity
None
Availability
High
References
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3840
x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=1663051
x_refsource_CONFIRM
https://www.redhat.com/archives/libvir-list/2019-January/msg00241.html
x_refsource_CONFIRM
openSUSE-SU-2019:1288
vendor-advisory
x_refsource_SUSE
openSUSE-SU-2019:1294
vendor-advisory
x_refsource_SUSE
FEDORA-2019-b3bfc61567
vendor-advisory
x_refsource_FEDORA
RHSA-2019:2294
vendor-advisory
x_refsource_REDHAT
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now