Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.5
CVSSv3

CVE-2020-12430

Published: 28/04/2020 Updated: 01/04/2024
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 356
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P
Subscribe to Redhat

Vulnerability Summary

An issue exists in qemuDomainGetStatsIOThread in qemu/qemu_driver.c in libvirt 4.10.0 though 6.x prior to 6.1.0. A memory leak was found in the virDomainListGetStats libvirt API that is responsible for retrieving domain statistics when managing QEMU guests. This flaw allows unprivileged users with a read-only connection to cause a memory leak in the domstats command, resulting in a potential denial of service.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

redhat libvirt

redhat enterprise linux 8.0

Vendor Advisories

Debian CVElist Bug Report Logs: libvirt: CVE-2020-12430
Debian Bug report logs - #959447 libvirt: CVE-2020-12430 Package: src:libvirt; Maintainer for src:libvirt is Debian Libvirt Maintainers <pkg-libvirt-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 2 May 2020 13:33:01 UTC Severity: important Tags: security, upstr ...
Ubuntu Security Notice: libvirt vulnerabilities
Several security issues were fixed in libvirt ...

References

CWE-401https://bugzilla.redhat.com/show_bug.cgi?id=1804548https://bugzilla.redhat.com/show_bug.cgi?id=1828190https://security.netapp.com/advisory/ntap-20200518-0003/https://usn.ubuntu.com/4371-1/https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=9bf9e0ae6af38c806f4672ca7b12a6b38d5a9581https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D5GE6ISYUL3CIWO3FQRUGMKTKP2NYED2/https://lists.debian.org/debian-lts-announce/2024/04/msg00000.htmlhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959447https://usn.ubuntu.com/4371-1/https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereferenceCVE-2023-52689CVE-2024-23803client sideCVE-2023-52696information disclosureCVE-2024-35843CVE-2024-27130CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook