Skip to main content

Ovirt Engine CVE-2016-3077

MEDIUM
Buffer Overflow (CWE-119)
2017-06-06 secalert@redhat.com
6.5
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Jun 06, 2017 - 18:29 cve.org
MEDIUM 6.5

DescriptionCVE.org

The VersionMapper.fromKernelVersionString method in oVirt Engine allows remote authenticated users to cause a denial of service (process crash) for all VMs.

AnalysisAI

The VersionMapper.fromKernelVersionString method in oVirt Engine allows remote authenticated users to cause a denial of service (process crash) for all VMs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. The VersionMapper.fromKernelVersionString method in oVirt Engine allows remote authenticated users to cause a denial of service (process crash) for all VMs. Affected products include: Redhat Ovirt-Engine.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.

CVE-2024-0822 HIGH POC
7.5 Jan 25

An authentication bypass vulnerability was found in overt-engine. Rated high severity (CVSS 7.5), this vulnerability is

CVE-2014-7851 HIGH
7.5 Oct 16

oVirt 3.2.2 through 3.5.0 does not invalidate the restapi session after logout from the webadmin, which allows remote au

CVE-2016-3113 MEDIUM
6.1 Aug 07

Cross-site scripting (XSS) vulnerability in ovirt-engine allows remote attackers to inject arbitrary web script or HTML.

CVE-2014-0152 MEDIUM
6.8 Sep 08

Session fixation vulnerability in the web admin interface in oVirt 3.4.0 and earlier allows remote attackers to hijack w

CVE-2014-0151 MEDIUM
6.8 Feb 13

Cross-site request forgery (CSRF) vulnerability in oVirt Engine before 3.5.0 beta2 allows remote attackers to hijack the

CVE-2020-35497 MEDIUM
6.5 Dec 21

A flaw was found in ovirt-engine 4.4.3 and earlier allowing an authenticated user to read other users' personal informat

CVE-2022-3193 MEDIUM
6.1 Sep 28

An HTML injection/reflected Cross-site scripting (XSS) vulnerability was found in the ovirt-engine. Rated medium severit

CVE-2020-14333 MEDIUM
6.1 Aug 18

A flaw was found in Ovirt Engine's web interface in ovirt 4.4 and earlier, where it did not filter user-controllable par

CVE-2020-10775 MEDIUM
5.3 Aug 24

An Open redirect vulnerability was found in ovirt-engine versions 4.4 and earlier, where it allows remote attackers to r

CVE-2018-1073 MEDIUM
5.3 Jun 19

The web console login form in ovirt-engine before version 4.2.3 returned different errors for non-existent users and inv

CVE-2018-1062 MEDIUM
5.3 Mar 06

A vulnerability was discovered in oVirt 4.1.x before 4.1.9, where the combination of Enable Discard and Wipe After Delet

CVE-2024-7259 MEDIUM
4.9 Sep 26

A flaw was found in oVirt. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack comp

Share

CVE-2016-3077 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy