CVE-2022-2211: Classic Buffer Overflow in Libguestfs

Severity: 6.5 MEDIUM (NVD)
EPSS: 0.1% (top 64.39%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 12; latest update Jul 13

Description

A vulnerability was found in libguestfs. The issue occurs while calculating the greatest possible number of matching keys in the get_keys() function. The flaw leads to a denial of service, whether triggered by mistake or by a malicious actor.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 2.8 | Impact: 3.6

Affected Packages (2 packages)

Debian: libguestfs/libguestfs < 1:1.46.2-1+2
CVEListV5: libguestfs/libguestfs none

Also affects: Enterprise Linux 8.0, 9.0

🔴 Vulnerability Details (3)

GHSA: GHSA-8rvm-f29f-fjx6: A vulnerability was found in libguestfs (2022-07-13)
OSV: CVE-2022-2211: A vulnerability was found in libguestfs (2022-07-12)
CVEList: CVE-2022-2211: A vulnerability was found in libguestfs (2022-07-12)

📋 Vendor Advisories (2)

Red Hat: libguestfs: Buffer overflow in get_keys leads to DoS (2022-06-24)
Debian: CVE-2022-2211: guestfs-tools - A vulnerability was found in libguestfs. This issue occurs while calculating the... (2022)