CVE-2019-3840

Published: Mar 27, 2019Modified: Nov 21, 2024

6.3

Vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 4.0

Source: NVD

Description

A NULL pointer dereference flaw was discovered in libvirt before version 5.0.0 in the way it gets interface information through the QEMU agent. An attacker in a guest VM can use this flaw to crash libvirtd and cause a denial of service.

Affected (3)

Products: Redhat: Libvirt · Opensuse: Leap

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Redhat Libvirt	Before 5.0.0

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Opensuse Leap	Version 15.0
Opensuse Leap	Version 42.3

Related CWEs

CWE-476

NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

References (14)

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00101.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00105.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

https://access.redhat.com/errata/RHSA-2019:2294

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1663051

Source: secalert@redhat.com

ExploitIssue TrackingThird Party AdvisoryVendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3840

Source: secalert@redhat.com

ExploitIssue TrackingPatchVendor Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TZRP2BRMI4RYFRPNFTTIAAUOGVN2ORP7/

Source: secalert@redhat.com

https://www.redhat.com/archives/libvir-list/2019-January/msg00241.html

Source: secalert@redhat.com

ExploitVendor Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00101.html