CVE-2010-3851

EUVD-2010-3830
libguestfs before 1.5.23, as used in virt-v2v, virt-inspector 1.5.3 and earlier, and possibly other products, when a raw-format disk image is used, allows local guest OS administrators to read files from the host via a crafted (1) qcow2, (2) VMDK, or (3) VDI header, related to lack of support for a disk format specifier.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.7 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:N/C:C/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 25%
Affected Products (NVD)
VendorProductVersion
libguestfslibguestfs
𝑥
≤ 1.5.22
libguestfslibguestfs
1.5.0
libguestfslibguestfs
1.5.1
libguestfslibguestfs
1.5.2
libguestfslibguestfs
1.5.3
libguestfslibguestfs
1.5.4
libguestfslibguestfs
1.5.5
libguestfslibguestfs
1.5.6
libguestfslibguestfs
1.5.7
libguestfslibguestfs
1.5.8
libguestfslibguestfs
1.5.9
libguestfslibguestfs
1.5.10
libguestfslibguestfs
1.5.11
libguestfslibguestfs
1.5.12
libguestfslibguestfs
1.5.13
libguestfslibguestfs
1.5.14
libguestfslibguestfs
1.5.15
libguestfslibguestfs
1.5.16
libguestfslibguestfs
1.5.17
libguestfslibguestfs
1.5.18
libguestfslibguestfs
1.5.19
libguestfslibguestfs
1.5.20
libguestfslibguestfs
1.5.21
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050237.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050742.html
http://rwmj.wordpress.com/2010/10/23/new-libguestfs-stable-versions/
http://secunia.com/advisories/41797
http://secunia.com/advisories/42235
http://www.redhat.com/support/errata/RHSA-2011-0586.html
http://www.securityfocus.com/bid/44166
http://www.vupen.com/english/advisories/2010/2874
http://www.vupen.com/english/advisories/2010/2963
https://bugzilla.redhat.com/show_bug.cgi?id=643958
https://www.redhat.com/archives/libguestfs/2010-October/msg00036.html
https://www.redhat.com/archives/libguestfs/2010-October/msg00037.html
https://www.redhat.com/archives/libguestfs/2010-October/msg00041.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050237.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050742.html
http://rwmj.wordpress.com/2010/10/23/new-libguestfs-stable-versions/
http://secunia.com/advisories/41797
http://secunia.com/advisories/42235
http://www.redhat.com/support/errata/RHSA-2011-0586.html
http://www.securityfocus.com/bid/44166
http://www.vupen.com/english/advisories/2010/2874
http://www.vupen.com/english/advisories/2010/2963
https://bugzilla.redhat.com/show_bug.cgi?id=643958
https://www.redhat.com/archives/libguestfs/2010-October/msg00036.html
https://www.redhat.com/archives/libguestfs/2010-October/msg00037.html
https://www.redhat.com/archives/libguestfs/2010-October/msg00041.html