Base Score

HIGH7.5

CVE-2018-1064

libvirt version before 4.2.0-rc1 is vulnerable to a resource exhaustion as a result of an incomplete fix for CVE-2018-5748 that affects QEMU monitor but now also triggered via QEMU guest agent.

VectorNETWORK

Published Bysecalert@redhat.com

Published DateMar 28, 2018, 18:29

Weakness Type (CWE):CWE-400

CVSS Metrics

Base Score

7.5

Vector String

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Base Severity

HIGH

Version

3.0

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

NONE

Availability (A)

HIGH

References

https://access.redhat.com/errata/RHSA-2018:1396
https://access.redhat.com/errata/RHSA-2018:1929
https://bugzilla.redhat.com/show_bug.cgi?id=1550672
https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=fbf31e1a4cd19d6f6e33e0937a009775cd7d9513
https://lists.debian.org/debian-lts-announce/2018/03/msg00018.html
https://usn.ubuntu.com/3680-1/
https://www.debian.org/security/2018/dsa-4137

Base Score

HIGH7.5

Weakness Type (CWE):CWE-400

CVSS Metrics

Base Score

7.5

Vector String

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Base Severity

HIGH

Version

3.0

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

NONE

Availability (A)

HIGH