CVE-2011-1146
published 2011-03-15CVE-2011-1146: libvirt.c in the API in Red Hat libvirt 0.8.8 does not properly restrict operations in a read-only connection, which allows remote attackers to cause a denial…
medium6.9CVSS 3.1
AVLACMAuNCCICAC
libvirt.c in the API in Red Hat libvirt 0.8.8 does not properly restrict operations in a read-only connection, which allows remote attackers to cause a denial of service (host OS crash) or possibly execute arbitrary code via a (1) virNodeDeviceDettach, (2) virNodeDeviceReset, (3) virDomainRevertToSnapshot, (4) virDomainSnapshotDelete, (5) virNodeDeviceReAttach, or (6) virConnectDomainXMLToNative call, a different vulnerability than CVE-2008-5086.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libvirt | < libvirt 0.8.8-3 (bookworm) | libvirt 0.8.8-3 (bookworm) |
| redhat | libvirt | — | — |
| redhat | libvirt | >= 0 < 0.8.8-3 | 0.8.8-3 |
| redhat | libvirt | >= 0 < 0.8.8-3 | 0.8.8-3 |
| redhat | libvirt | >= 0 < 0.8.8-3 | 0.8.8-3 |
| redhat | libvirt | >= 0 < 0.8.8-3 | 0.8.8-3 |
CVSS provenance
nvd6.9MEDIUMAV:L/AC:M/Au:N/C:C/I:C/A:C
osv7.2HIGH