A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length check is performed by the C API entry points. Passing a negative length to the g_new0 function results in a crash due to the negative length being treated as a huge positive number. This flaw allows a local, unprivileged user to perform a denial of service attack by causing the libvirt daemon to crash.
Fixes

Solution

No solution given by the vendor.


Workaround

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

History

Fri, 22 Nov 2024 12:00:00 +0000


Wed, 06 Nov 2024 15:15:00 +0000

Type Values Removed Values Added
References
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2025-09-26T06:28:47.959Z

Reserved: 2024-03-15T09:04:20.469Z

Link: CVE-2024-2494

cve-icon Vulnrichment

Updated: 2024-08-01T19:18:46.945Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-03-21T14:15:10.350

Modified: 2024-11-21T09:09:52.710

Link: CVE-2024-2494

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-03-21T00:00:00Z

Links: CVE-2024-2494 - Bugzilla

cve-icon OpenCVE Enrichment

No data.