CVE-2014-1447 — Race Condition in Redhat Libvirt

CWE-362 — Race Condition9 documents8 sources

Severity

3.3LOWNVD

EPSS

11.7%

top 6.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Libvirt

Timeline

PublishedJan 24

Latest updateMay 17

Description

Race condition in the virNetServerClientStartKeepAlive function in libvirt before 1.2.1 allows remote attackers to cause a denial of service (libvirtd crash) by closing a connection before a keepalive response is sent.

CVSS vector

AV:A/AC:L/C:N/I:N/A:PExploitability: 6.5 | Impact: 2.9

Affected Packages2 packages

▶Debianredhat/libvirt< 1.2.1-1+3

▶NVDredhat/libvirt1.2.0+109

🔴Vulnerability Details

GHSA

GHSA-35qx-m8hh-rrjv: Race condition in the virNetServerClientStartKeepAlive function in libvirt before 1↗2022-05-17

▶

CVEList

CVE-2014-1447: Race condition in the virNetServerClientStartKeepAlive function in libvirt before 1↗2014-01-24

▶

OSV

CVE-2014-1447: Race condition in the virNetServerClientStartKeepAlive function in libvirt before 1↗2014-01-24

▶

📋Vendor Advisories

Ubuntu

libvirt vulnerabilities↗2014-01-30

▶

Debian

CVE-2014-1447: libvirt - Race condition in the virNetServerClientStartKeepAlive function in libvirt befor...↗2014

▶

Red Hat

libvirt: denial of service with keepalive↗2013-12-31

▶

💬Community

Bugzilla

CVE-2014-1447 libvirt: denial of service with keepalive [fedora-all]↗2014-01-17

▶

Bugzilla

CVE-2014-1447 libvirt: denial of service with keepalive↗2014-01-14

▶