A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length check is performed by the C API entry points. Passing a negative length to the g_new0 function results in a crash due to the negative length being treated as a huge positive number. This flaw allows a local, unprivileged user to perform a denial of service attack by causing the libvirt daemon to crash.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2024-03-21T13:39:08.847Z
Updated: 2024-09-13T23:37:49.659Z
Reserved: 2024-03-15T09:04:20.469Z
Link: CVE-2024-2494
Vulnrichment
Updated: 2024-08-01T19:18:46.945Z
NVD
Status : Awaiting Analysis
Published: 2024-03-21T14:15:10.350
Modified: 2024-09-14T00:15:17.467
Link: CVE-2024-2494
Redhat