CVE-2020-10703
Severity
6.5MEDIUM
EPSS
0.7%
top 28.24%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJun 2
Latest updateMay 24
Description
A NULL pointer dereference was found in the libvirt API responsible introduced in upstream version 3.10.0, and fixed in libvirt 6.0.0, for fetching a storage pool based on its target path. In more detail, this flaw affects storage pools created without a target path such as network-based pools like gluster and RBD. Unprivileged users with a read-only connection could abuse this flaw to crash the libvirt daemon, resulting in a potential denial of service.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6
Affected Packages4 packages
Patches
🔴Vulnerability Details
4GHSA▶
GHSA-c69p-28r6-q952: A NULL pointer dereference was found in the libvirt API responsible introduced in upstream version 3↗2022-05-24
OSV▶
CVE-2020-10703: A NULL pointer dereference was found in the libvirt API responsible introduced in upstream version 3↗2020-06-02
CVEList▶
CVE-2020-10703: A NULL pointer dereference was found in the libvirt API responsible introduced in upstream version 3↗2020-06-02