CVE-2011-1486 — Redhat Libvirt vulnerability

CWE-3999 documents8 sources

Severity

3.3LOWNVD

EPSS

0.9%

top 24.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Libvirt

Timeline

PublishedMay 31

Latest updateMay 17

Description

libvirtd in libvirt before 0.9.0 does not use thread-safe error reporting, which allows remote attackers to cause a denial of service (crash) by causing multiple threads to report errors at the same time.

CVSS vector

AV:A/AC:L/C:N/I:N/A:PExploitability: 6.5 | Impact: 2.9

Affected Packages2 packages

▶Debianredhat/libvirt< 0.9.0-1+3

▶NVDredhat/libvirt0.8.8+54

Patches

Patch: bugzilla.redhat.com ↗Patch: www.redhat.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-wmfm-p2jq-55wv: libvirtd in libvirt before 0↗2022-05-17

▶

CVEList

CVE-2011-1486: libvirtd in libvirt before 0↗2011-05-31

▶

OSV

CVE-2011-1486: libvirtd in libvirt before 0↗2011-05-31

▶

📋Vendor Advisories

Ubuntu

libvirt vulnerabilities↗2011-06-16

▶

Red Hat

libvirt: error reporting in libvirtd is not thread safe↗2011-03-23

▶

Debian

CVE-2011-1486: libvirt - libvirtd in libvirt before 0.9.0 does not use thread-safe error reporting, which...↗2011

▶

💬Community

Bugzilla

CVE-2011-1486 libvirt: error reporting in libvirtd is not thread safe↗2011-04-04

▶

Bugzilla

CVE-2011-1486 libvirt: error reporting in libvirtd is not thread safe [fedora-all]↗2011-04-04

▶