CVE-2017-2635

EUVD-2017-11796
A NULL pointer deference flaw was found in the way libvirt from 2.5.0 to 3.0.0 handled empty drives. A remote authenticated attacker could use this flaw to crash libvirtd daemon resulting in denial of service.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.7 HIGH
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
redhatCNA
7.7 HIGH
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 54%
Affected Products (NVD)
VendorProductVersion
redhatlibvirt
2.5.0 ≤
𝑥
≤ 3.0.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libvirt
bookworm
9.0.0-4+deb12u1
fixed
bullseye
7.0.0-3+deb11u3
fixed
jessie
not-affected
sid
10.9.0-1
fixed
trixie
10.9.0-1
fixed
wheezy
not-affected
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libvirt
precise
not-affected
trusty
not-affected
xenial
not-affected
yakkety
not-affected
Common Weakness Enumeration
References
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2635
https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=c3de387380f6057ee0e46cd9f2f0a092e8070875
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2635
https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=c3de387380f6057ee0e46cd9f2f0a092e8070875