CVE-2020-29482 — Untrusted Search Path in Ulikunitz XZ

CWE-426 — Untrusted Search Path CWE-835 — Infinite Loop6 documents6 sources

Severity

6.0MEDIUMNVD

GHSA7.5

EPSS

0.1%

top 80.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN Github.com Ulikunitz XZ Debian XEN +2 more

Timeline

PublishedDec 15

Latest updateMay 24

Description

An issue was discovered in Xen through 4.14.x. A guest may access xenstore paths via absolute paths containing a full pathname, or via a relative path, which implicitly includes /local/domain/$DOMID for their own domain id. Management tools must access paths in guests' namespaces, necessarily using absolute paths. oxenstored imposes a pathname limit that is applied solely to the relative or absolute path specified by the client. Therefore, a guest can create paths in its own namespace which are …

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:HExploitability: 1.5 | Impact: 4.0

Affected Packages4 packages

▶debiandebian/xen< xen 4.14.0+88-g1d1d1f5391-1 (bookworm)

▶Gogithub.com/ulikunitz_xz< 0.5.8

▶Debianxen/xen< 4.14.0+88-g1d1d1f5391-1+3

▶NVDxen/xen4.14.0

Also affects: Debian Linux 10.0, Fedora 32, 33

Patches

Patch: xenbits.xenproject.org ↗Patch: xenbits.xenproject.org ↗

🔴Vulnerability Details

GHSA

GHSA-8458-3j4r-x5w4: An issue was discovered in Xen through 4↗2022-05-24

▶

GHSA

github.com/ulikunitz/xz fixes readUvarint Denial of Service (DoS)↗2021-05-25

▶

OSV

CVE-2020-29482: An issue was discovered in Xen through 4↗2020-12-15

▶

📋Vendor Advisories

Red Hat

ulikunitz/xz: Infinite loop in readUvarint allows for denial of service↗2020-08-19

▶

Debian

CVE-2020-29482: xen - An issue was discovered in Xen through 4.14.x. A guest may access xenstore paths...↗2020

▶