CVE-2017-1000200 — NULL Pointer Dereference in Project Tcmu-runner

CWE-476 — NULL Pointer Dereference5 documents4 sources

Severity

7.5HIGHNVD

EPSS

0.4%

top 41.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tcmu-runner Project Tcmu-runner

Timeline

PublishedNov 17

Latest updateMay 17

Description

tcmu-runner version 1.0.5 to 1.2.0 is vulnerable to a dbus triggered NULL pointer dereference in the tcmu-runner daemon's on_unregister_handler() function resulting in denial of service

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

▶NVDtcmu-runner_project/tcmu-runner6 versions+5

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-w6w2-c994-p5h3: tcmu-runner version 1↗2022-05-17

▶

📋Vendor Advisories

Red Hat

tcmu-runner: UnregisterHandler D-Bus method in tcmu-runner daemon for internal handler causes DoS↗2017-07-14

▶

💬Community

Bugzilla

CVE-2017-1000200 tcmu-runner: UnregisterHandler D-Bus method in tcmu-runner daemon for internal handler causes DoS↗2017-08-31

▶

Bugzilla

CVE-2017-1000198 CVE-2017-1000199 CVE-2017-1000200 CVE-2017-1000201 tcmu-runner: various flaws [fedora-all]↗2017-08-31

▶