CVE-2019-3840NULL Pointer Dereference in Redhat Libvirt

CWE-476NULL Pointer Dereference10 documents8 sources
Severity
6.3MEDIUMNVD
CNA5.8
EPSS
0.7%
top 27.75%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Redhat LibvirtTHE Libvirt Project LibvirtOpensuse Leap
Timeline
PublishedMar 27
Latest updateMay 14

Description

A NULL pointer dereference flaw was discovered in libvirt before version 5.0.0 in the way it gets interface information through the QEMU agent. An attacker in a guest VM can use this flaw to crash libvirtd and cause a denial of service.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:HExploitability: 1.8 | Impact: 4.0

Affected Packages4 packages

NVDredhat/libvirt< 5.0.0
Debianredhat/libvirt< 5.0.0-1+3
NVDopensuse/leap15.0, 42.3+1

Patches

Patch: bugzilla.redhat.comPatch: bugzilla.redhat.com

🔴Vulnerability Details

3
GHSA
GHSA-rx4m-pcxc-jchp: A NULL pointer dereference flaw was discovered in libvirt before version 52022-05-14
CVEList
CVE-2019-3840: A NULL pointer dereference flaw was discovered in libvirt before version 52019-03-27
OSV
CVE-2019-3840: A NULL pointer dereference flaw was discovered in libvirt before version 52019-03-27

📋Vendor Advisories

3
Ubuntu
libvirt vulnerability2019-03-14
Red Hat
libvirt: NULL pointer dereference after running qemuAgentCommand in qemuAgentGetInterfaces function2019-01-10
Debian
CVE-2019-3840: libvirt - A NULL pointer dereference flaw was discovered in libvirt before version 5.0.0 i...2019

💬Community

3
Bugzilla
CVE-2019-3840 libvirt: NULL pointer dereference after running qemuAgentCommand in qemuAgentGetInterfaces function [fedora-all]2019-01-10
Bugzilla
CVE-2019-3840 mingw-libvirt: libvirt: NULL pointer dereference after running qemuAgentCommand in qemuAgentGetInterfaces function [fedora-all]2019-01-10
Bugzilla
CVE-2019-3840 libvirt: NULL pointer dereference after running qemuAgentCommand in qemuAgentGetInterfaces function2019-01-10
CVE-2019-3840 — NULL Pointer Dereference in Redhat | cvebase