rpm package
suse/libvirt&distro=SUSE Linux Enterprise Micro 5.1
pkg:rpm/suse/libvirt&distro=SUSE%20Linux%20Enterprise%20Micro%205.1
Vulnerabilities (9)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-2494 | Med | 6.2 | < 7.1.0-150300.6.41.1 | 7.1.0-150300.6.41.1 | Mar 21, 2024 | A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length check is performed by the C API entry points. Passing a negative length to the g_new0 function results in a crash due to the negativ | |
| CVE-2022-0897 | — | < 7.1.0-150300.6.29.1 | 7.1.0-150300.6.29.1 | Mar 25, 2022 | A flaw was found in the libvirt nwfilter driver. The virNWFilterObjListNumOfNWFilters method failed to acquire the driver->nwfilters mutex before iterating over virNWFilterObj instances. There was no protection to stop another thread from concurrently modifying the driver->nwfilt | ||
| CVE-2021-4147 | — | < 7.1.0-6.11.1 | 7.1.0-6.11.1 | Mar 25, 2022 | A flaw was found in the libvirt libxl driver. A malicious guest could continuously reboot itself and cause libvirtd on the host to deadlock or crash, resulting in a denial of service condition. | ||
| CVE-2021-4190 | — | < 7.1.0-150300.6.23.1 | 7.1.0-150300.6.23.1 | Dec 30, 2021 | Large loop in the Kafka dissector in Wireshark 3.6.0 allows denial of service via packet injection or crafted capture file | ||
| CVE-2021-4185 | — | < 7.1.0-150300.6.23.1 | 7.1.0-150300.6.23.1 | Dec 30, 2021 | Infinite loop in the RTMPT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file | ||
| CVE-2021-4184 | — | < 7.1.0-150300.6.23.1 | 7.1.0-150300.6.23.1 | Dec 30, 2021 | Infinite loop in the BitTorrent DHT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file | ||
| CVE-2021-4183 | — | < 7.1.0-150300.6.23.1 | 7.1.0-150300.6.23.1 | Dec 30, 2021 | Crash in the pcapng file parser in Wireshark 3.6.0 allows denial of service via crafted capture file | ||
| CVE-2021-4182 | — | < 7.1.0-150300.6.23.1 | 7.1.0-150300.6.23.1 | Dec 30, 2021 | Crash in the RFC 7468 dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file | ||
| CVE-2021-4181 | — | < 7.1.0-150300.6.23.1 | 7.1.0-150300.6.23.1 | Dec 30, 2021 | Crash in the Sysdig Event dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file |
- affected < 7.1.0-150300.6.41.1fixed 7.1.0-150300.6.41.1
A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length check is performed by the C API entry points. Passing a negative length to the g_new0 function results in a crash due to the negativ
- CVE-2022-0897Mar 25, 2022affected < 7.1.0-150300.6.29.1fixed 7.1.0-150300.6.29.1
A flaw was found in the libvirt nwfilter driver. The virNWFilterObjListNumOfNWFilters method failed to acquire the driver->nwfilters mutex before iterating over virNWFilterObj instances. There was no protection to stop another thread from concurrently modifying the driver->nwfilt
- CVE-2021-4147Mar 25, 2022affected < 7.1.0-6.11.1fixed 7.1.0-6.11.1
A flaw was found in the libvirt libxl driver. A malicious guest could continuously reboot itself and cause libvirtd on the host to deadlock or crash, resulting in a denial of service condition.
- CVE-2021-4190Dec 30, 2021affected < 7.1.0-150300.6.23.1fixed 7.1.0-150300.6.23.1
Large loop in the Kafka dissector in Wireshark 3.6.0 allows denial of service via packet injection or crafted capture file
- CVE-2021-4185Dec 30, 2021affected < 7.1.0-150300.6.23.1fixed 7.1.0-150300.6.23.1
Infinite loop in the RTMPT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file
- CVE-2021-4184Dec 30, 2021affected < 7.1.0-150300.6.23.1fixed 7.1.0-150300.6.23.1
Infinite loop in the BitTorrent DHT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file
- CVE-2021-4183Dec 30, 2021affected < 7.1.0-150300.6.23.1fixed 7.1.0-150300.6.23.1
Crash in the pcapng file parser in Wireshark 3.6.0 allows denial of service via crafted capture file
- CVE-2021-4182Dec 30, 2021affected < 7.1.0-150300.6.23.1fixed 7.1.0-150300.6.23.1
Crash in the RFC 7468 dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file
- CVE-2021-4181Dec 30, 2021affected < 7.1.0-150300.6.23.1fixed 7.1.0-150300.6.23.1
Crash in the Sysdig Event dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file