CVE-2017-2635

Advisory lineage Upstream: 0 Downstream: 2
Modified
Published: 22 Aug 2018, 21:00
Last modified:05 Aug 2024, 14:02

Vulnerability Summary

Overall Risk (default)
medium
31/100
CVSS Score
7.7 HIGH
v3.0 (cve.org)
EPSS Score
0.32% LOW
0% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

22 Aug 2018, 21:00
Published
Vulnerability first disclosed
05 Aug 2024, 14:02
Last Modified
Vulnerability information updated

Description

A NULL pointer deference flaw was found in the way libvirt from 2.5.0 to 3.0.0 handled empty drives. A remote authenticated attacker could use this flaw to crash libvirtd daemon resulting in denial of service.

CVSS Metrics

  • v3.0HIGHScore: 7.7CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
  • v3.0MEDIUMScore: 6.5CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • v2.0MEDIUMScore: 4AV:N/AC:L/Au:S/C:N/I:N/A:P

EPSS Trends

Current EPSS score: 0.32% Percentile: 56%

Techniques & Countermeasures

  • CWE-476NULL Pointer Dereference

    The product dereferences a pointer that it expects to be valid but is NULL.

Affected Systems

  • redhatlibvirt

    ≥ 2.5.0, ≤ 3.0.0

  • the libvirt projectlibvirt

    from 2.5.0 to 3.0.0

References (2)