CVE-2024-1441

An off-by-one error flaw was found in the udevListInterfacesByStatus() function in libvirt when the number of interfaces exceeds the size of the `names` array. This issue can be reproduced by sending specially crafted data to the libvirt daemon, allowing an unprivileged client to perform a denial of service attack by causing the libvirt daemon to crash.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/errata/RHSA-2024:2560
https://access.redhat.com/security/cve/CVE-2024-1441
https://bugzilla.redhat.com/show_bug.cgi?id=2263841
https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/45FFKU3LODT345LAB5T4XZA5WKYMXJYU/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E6MVZO5GXDB7RHY6MS3ZXES3HPK34P3A/

Configurations

No configuration.

History

No history.

Information

Published : 2024-03-11 14:15

Updated : 2024-04-30 20:15

NVD link : CVE-2024-1441

Mitre link : CVE-2024-1441

CVE.ORG link : CVE-2024-1441

JSON object : View

Products Affected

No product.

CWE

CWE-193

Off-by-one Error

{"id": "CVE-2024-1441", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-03-11T14:15:06.917", "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:2560", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/security/cve/CVE-2024-1441", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2263841", "source": "secalert@redhat.com"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html", "source": "secalert@redhat.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/45FFKU3LODT345LAB5T4XZA5WKYMXJYU/", "source": "secalert@redhat.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E6MVZO5GXDB7RHY6MS3ZXES3HPK34P3A/", "source": "secalert@redhat.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-193"}]}], "descriptions": [{"lang": "en", "value": "An off-by-one error flaw was found in the udevListInterfacesByStatus() function in libvirt when the number of interfaces exceeds the size of the `names` array. This issue can be reproduced by sending specially crafted data to the libvirt daemon, allowing an unprivileged client to perform a denial of service attack by causing the libvirt daemon to crash."}, {"lang": "es", "value": "Se encontr\u00f3 una falla de error uno por uno en la funci\u00f3n udevListInterfacesByStatus() en libvirt cuando el n\u00famero de interfaces excede el tama\u00f1o de la matriz `names`. Este problema se puede reproducir enviando datos especialmente manipulados al daemon libvirt, lo que permite que un cliente sin privilegios realice un ataque de denegaci\u00f3n de servicio provocando que el daemon libvirt falle."}], "lastModified": "2024-04-30T20:15:07.380", "sourceIdentifier": "secalert@redhat.com"}

5.5 /10