CVE-2014-3633 in libvirtinfo

Summary

The qemuDomainGetBlockIoTune function in qemu/qemu_driver.c in libvirt before 1.2.9, when a disk has been hot-plugged or removed from the live image, allows remote attackers to cause a denial of service (crash) or read sensitive heap information via a crafted blkiotune query, which triggers an out-of-bounds read.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Reservation

05/14/2014

Disclosure

10/06/2014

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
67720	libvirt qemuDomainGetBlockIoTune memory corruption	119	Unproven	Official fix	CVE-2014-3633

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

MITRE
NVD
CVE Details

◂ PreviousOverviewNext ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!