CVE-2017-1000198Improper Restriction of Operations within the Bounds of a Memory Buffer in Project Tcmu-runner

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-416Use After Free5 documents4 sources
Severity
7.5HIGHNVD
EPSS
0.3%
top 43.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Tcmu-runner Project Tcmu-runner
Timeline
PublishedNov 17
Latest updateMay 17

Description

tcmu-runner daemon version 0.9.0 to 1.2.0 is vulnerable to invalid memory references in the handler_glfs.so handler resulting in denial of service

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

1
GHSA
GHSA-m52m-q7q8-xjgc: tcmu-runner daemon version 02022-05-17

📋Vendor Advisories

1
Red Hat
tcmu-runner: glfs handler allows local DoS via crafted CheckConfig strings2017-05-21

💬Community

2
Bugzilla
CVE-2017-1000198 tcmu-runner: glfs handler allows local DoS via crafted CheckConfig strings2017-08-31
Bugzilla
CVE-2017-1000198 CVE-2017-1000199 CVE-2017-1000200 CVE-2017-1000201 tcmu-runner: various flaws [fedora-all]2017-08-31