Skip to main content

Libguestfs

4 CVEs product

Monthly

CVE-2022-2211 MEDIUM This Month

A vulnerability was found in libguestfs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Libguestfs Enterprise Linux
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2013-2124 MEDIUM POC PATCH This Month

Double free vulnerability in inspect-fs.c in LibguestFS 1.20.x before 1.20.7, 1.21.x, 1.22.0, and 1.23.0 allows remote attackers to cause a denial of service (crash) via empty guest files. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Libguestfs
NVD GitHub
CVSS 2.0
4.3
EPSS
0.9%
CVE-2013-4419 MEDIUM PATCH This Month

The guestfish command in libguestfs 1.20.12, 1.22.7, and earlier, when using the --remote or --listen option, does not properly check the ownership of /tmp/.guestfish-$UID/ when creating a temporary. Rated medium severity (CVSS 6.8).

Privilege Escalation Libguestfs Suse Linux Enterprise Software Development Kit Suse Linux Enterprise Server
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2012-2690 LOW Monitor

virt-edit in libguestfs before 1.18.0 does not preserve the permissions from the original file and saves the new file with world-readable permissions when editing, which might allow local guest users. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Libguestfs
NVD
CVSS 2.0
2.1
EPSS
0.1%
EPSS 1% CVSS 6.5
MEDIUM This Month

A vulnerability was found in libguestfs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Libguestfs +1
NVD
EPSS 1% CVSS 4.3
MEDIUM POC PATCH This Month

Double free vulnerability in inspect-fs.c in LibguestFS 1.20.x before 1.20.7, 1.21.x, 1.22.0, and 1.23.0 allows remote attackers to cause a denial of service (crash) via empty guest files. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Libguestfs
NVD GitHub
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

The guestfish command in libguestfs 1.20.12, 1.22.7, and earlier, when using the --remote or --listen option, does not properly check the ownership of /tmp/.guestfish-$UID/ when creating a temporary. Rated medium severity (CVSS 6.8).

Privilege Escalation Libguestfs Suse Linux Enterprise Software Development Kit +1
NVD
EPSS 0% CVSS 2.1
LOW Monitor

virt-edit in libguestfs before 1.18.0 does not preserve the permissions from the original file and saves the new file with world-readable permissions when editing, which might allow local guest users. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Libguestfs
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy