CVE-2014-8135
published 2014-12-19CVE-2014-8135: The storageVolUpload function in storage/storage_driver.c in libvirt before 1.2.11 does not check a certain return value, which allows local users to cause a…
low2.1CVSS 3.1
AVLACLAuNCNINAP
The storageVolUpload function in storage/storage_driver.c in libvirt before 1.2.11 does not check a certain return value, which allows local users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted offset value in a "virsh vol-upload" command.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libvirt | < libvirt 1.2.9-7 (bookworm) | libvirt 1.2.9-7 (bookworm) |
| redhat | libvirt | >= 0 < 1.2.9-7 | 1.2.9-7 |
| redhat | libvirt | >= 0 < 1.2.9-7 | 1.2.9-7 |
| redhat | libvirt | >= 0 < 1.2.9-7 | 1.2.9-7 |
| redhat | libvirt | >= 0 < 1.2.9-7 | 1.2.9-7 |
CVSS provenance
nvd2.1LOWAV:L/AC:L/Au:N/C:N/I:N/A:P
osv2.1LOW