CVE-2010-2811 — Redhat Enterprise Virtualization vulnerability

5 documents5 sources

Severity

5.7MEDIUMNVD

EPSS

0.5%

top 32.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Enterprise Virtualization

Timeline

PublishedAug 24

Latest updateMay 17

Description

Virtual Desktop Server Manager (VDSM) in Red Hat Enterprise Virtualization (RHEV) 2.2 does not properly accept TCP connections for SSL sessions, which allows remote attackers to cause a denial of service (daemon outage) via crafted SSL traffic.

CVSS vector

AV:A/AC:M/C:N/I:N/A:CExploitability: 5.5 | Impact: 6.9

Affected Packages1 packages

▶NVDredhat/enterprise_virtualization2.2

Patches

Patch: rhn.redhat.com ↗Patch: rhn.redhat.com ↗Patch: rhn.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-gmq6-f2cw-4cmr: Virtual Desktop Server Manager (VDSM) in Red Hat Enterprise Virtualization (RHEV) 2↗2022-05-17

▶

CVEList

CVE-2010-2811: Virtual Desktop Server Manager (VDSM) in Red Hat Enterprise Virtualization (RHEV) 2↗2010-08-24

▶

📋Vendor Advisories

Red Hat

vdsm: SSL accept() blocks on a non-blocking Connection↗2010-08-19

▶

💬Community

Bugzilla

CVE-2010-2811 vdsm: SSL accept() blocks on a non-blocking Connection↗2010-08-10

▶