CVE-2010-3851: Sensitive Information Exposure in Libguestfs

Severity: 4.7 MEDIUM (NVD)
EPSS: 0.1% (top 74.79%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Nov 4
Latest update: May 17

Description

libguestfs before 1.5.23, as used in virt-v2v, virt-inspector 1.5.3 and earlier, and possibly other products, when a raw-format disk image is used, allows local guest OS administrators to read files from the host via a crafted (1) qcow2, (2) VMDK, or (3) VDI header, related to lack of support for a disk format specifier.

CVSS vector

AV:L/AC:M/C:C/I:N/A:N
Exploitability: 3.4 | Impact: 6.9

Affected Packages (1 package)

NVD: libguestfs/libguestfs 1.5.22 +22

Patches

🔴 Vulnerability Details (2)

GHSA: GHSA-vc83-g5p3-ggc5: libguestfs before 1 (2022-05-17)
CVEList: CVE-2010-3851: libguestfs before 1 (2010-11-04)

📋 Vendor Advisories (1)

Red Hat: libguestfs: missing disk format specifier when adding a disk (2010-10-14)

💬 Community (2)

Bugzilla: CVE-2010-3851 libguestfs: missing disk format specifier when adding a disk [fedora-all] (2010-10-18)
Bugzilla: CVE-2010-3851 libguestfs: missing disk format specifier when adding a disk (2010-10-18)