A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length check is performed by the C API entry points. Passing a negative length to the g_new0 function results in a crash due to the negative length being treated as a huge positive number. This flaw allows a local, unprivileged user to perform a denial of service attack by causing the libvirt daemon to crash.
References
Configurations
No configuration.
History
14 Sep 2024, 00:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
10 Jun 2024, 17:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
22 May 2024, 17:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
30 Apr 2024, 20:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
01 Apr 2024, 13:17
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary |
|
21 Mar 2024, 14:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-03-21 14:15
Updated : 2024-09-14 00:15
NVD link : CVE-2024-2494
Mitre link : CVE-2024-2494
CVE.ORG link : CVE-2024-2494
JSON object : View
Products Affected
No product.
CWE
CWE-789
Memory Allocation with Excessive Size Value