CVE-2019-3840
published 2019-03-27CVE-2019-3840: A NULL pointer dereference flaw was discovered in libvirt before version 5.0.0 in the way it gets interface information through the QEMU agent. An attacker in…
medium6.3CVSS 3.0
AVNACHPRLUINSCCNINAH
A NULL pointer dereference flaw was discovered in libvirt before version 5.0.0 in the way it gets interface information through the QEMU agent. An attacker in a guest VM can use this flaw to crash libvirtd and cause a denial of service.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libvirt | < libvirt 5.0.0-1 (bookworm) | libvirt 5.0.0-1 (bookworm) |
| opensuse | leap | — | — |
| opensuse | leap | — | — |
| redhat | libvirt | < 5.0.0 | 5.0.0 |
| redhat | libvirt | >= 0 < 5.0.0-1 | 5.0.0-1 |
| redhat | libvirt | >= 0 < 5.0.0-1 | 5.0.0-1 |
| redhat | libvirt | >= 0 < 5.0.0-1 | 5.0.0-1 |
| redhat | libvirt | >= 0 < 5.0.0-1 | 5.0.0-1 |
| the_libvirt_project | libvirt | — | — |
CVSS provenance
nvdv3.06.3MEDIUMCVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H
osv6.3MEDIUM