CVE-2011-1146
PUBLISHED
CVSS 9.3 CRITICAL
libvirt.c in the API in Red Hat libvirt 0.8.8 does not properly restrict operations in a read-only connection, which allows remote attackers to cause a denial of service (host OS crash) or possibly execute arbitrary code via a (1) virNodeDeviceDettach, (2) virNodeDeviceReset, (3) virDomainRevertToSnapshot, (4) virDomainSnapshotDelete, (5) virNodeDeviceReAttach, or (6) virConnectDomainXMLToNative call, a different vulnerability than CVE-2008-5086.
EPSS 1.56% · 81.8th percentile
Risk Scores
CVSS 4.0
9.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS Score
1.56%
81.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| redhat | libvirt | 0.8.8 |
Exploit Intelligence
- 43897 (circl)
- RHSA-2011:0391 (circl)
- https://bugzilla.novell.com/show_bug.cgi?id=678406 (circl)
- FEDORA-2011-3286 (circl)
- USN-1094-1 (circl)
- 43670 (circl)
- http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=71753cb7f7a16ff800381c0b5ee4e99eea92fed3 (circl)
- 44069 (circl)
- 46820 (circl)
- [oss-security] 20110309 CVE request: libvirt: several API calls do not honour read-only connection (circl)
…and 13 more exploits
Timeline
- Mar 15, 2011 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
References
- 43897 third-party-advisory
- RHSA-2011:0391 vendor-advisory
- https://bugzilla.novell.com/show_bug.cgi?id=678406 url
- FEDORA-2011-3286 vendor-advisory
- USN-1094-1 vendor-advisory
- 43670 third-party-advisory
- http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=71753cb7f7a16ff800381c0b5ee4e99eea92fed3 url
- 44069 third-party-advisory
- 46820 vdb
- [oss-security] 20110309 CVE request: libvirt: several API calls do not honour read-only connection mailing-list
- openSUSE-SU-2011:0311 vendor-advisory
- ADV-2011-0794 vdb
- DSA-2194 vendor-advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=683650 url
- 1025262 vdb
- 43917 third-party-advisory
- ADV-2011-0700 vdb
- ADV-2011-0694 vdb
- [oss-security] 20110310 Re: CVE request: libvirt: several API calls do not honour read-only connection mailing-list
- 43780 third-party-advisory
…and 5 more