CVE-2014-8135Redhat Libvirt vulnerability

7 documents7 sources
Severity
2.1LOWNVD
EPSS
0.1%
top 79.26%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Redhat Libvirt
Timeline
PublishedDec 19
Latest updateMay 17

Description

The storageVolUpload function in storage/storage_driver.c in libvirt before 1.2.11 does not check a certain return value, which allows local users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted offset value in a "virsh vol-upload" command.

CVSS vector

AV:L/AC:L/C:N/I:N/A:PExploitability: 3.9 | Impact: 2.9

Affected Packages1 packages

Debianredhat/libvirt< 1.2.9-7+3

🔴Vulnerability Details

3
GHSA
GHSA-xjj7-h4hj-89mh: The storageVolUpload function in storage/storage_driver2022-05-17
OSV
CVE-2014-8135: The storageVolUpload function in storage/storage_driver2014-12-19
CVEList
CVE-2014-8135: The storageVolUpload function in storage/storage_driver2014-12-19

📋Vendor Advisories

2
Red Hat
libvirt: local denial of service in storage/storage_driver.c2014-12-17
Debian
CVE-2014-8135: libvirt - The storageVolUpload function in storage/storage_driver.c in libvirt before 1.2....2014

💬Community

1
Bugzilla
CVE-2014-8135 libvirt: local denial of service in storage/storage_driver.c2014-12-19
CVE-2014-8135 — Redhat Libvirt vulnerability | cvebase