CVE-2020-10703

CVE-2020-10703

Name

CVE-2020-10703

Description

A NULL pointer dereference was found in the libvirt API responsible introduced in upstream version 3.10.0, and fixed in libvirt 6.0.0, for fetching a storage pool based on its target path. In more detail, this flaw affects storage pools created without a target path such as network-based pools like gluster and RBD. Unprivileged users with a read-only connection could abuse this flaw to crash the libvirt daemon, resulting in a potential denial of service.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Patch	https://libvirt.org/git/?p=libvirt.git;a=commit;h=7aa0e8c0cb8a6293d0c6f7e3d29c13b96dec2129
Patch	https://libvirt.org/git/?p=libvirt.git;a=commit;h=dfff16a7c261f8d28e3abe60a47165f845fa952f
Patch	https://libvirt.org/git/?p=libvirt.git;a=commit;h=5d5c732d748d644ec14626bce448e84bdc4bd93e
Exploit	https://bugzilla.redhat.com/show_bug.cgi?id=1790725
Issue Tracking	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10703
CONFIRM	https://security.netapp.com/advisory/ntap-20200608-0005/
FEDORA	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D5GE6ISYUL3CIWO3FQRUGMKTKP2NYED2/
secalert@redhat.com	https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=5d5c732d748d644ec14626bce448e84bdc4bd93e
secalert@redhat.com	https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=7aa0e8c0cb8a6293d0c6f7e3d29c13b96dec2129
secalert@redhat.com	https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=dfff16a7c261f8d28e3abe60a47165f845fa952f
secalert@redhat.com	https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html
secalert@redhat.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D5GE6ISYUL3CIWO3FQRUGMKTKP2NYED2/

Type

URI

Patch

https://libvirt.org/git/?p=libvirt.git;a=commit;h=7aa0e8c0cb8a6293d0c6f7e3d29c13b96dec2129

Patch

https://libvirt.org/git/?p=libvirt.git;a=commit;h=dfff16a7c261f8d28e3abe60a47165f845fa952f

Patch

https://libvirt.org/git/?p=libvirt.git;a=commit;h=5d5c732d748d644ec14626bce448e84bdc4bd93e

Exploit

https://bugzilla.redhat.com/show_bug.cgi?id=1790725

Issue Tracking

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10703

CONFIRM

https://security.netapp.com/advisory/ntap-20200608-0005/

FEDORA

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D5GE6ISYUL3CIWO3FQRUGMKTKP2NYED2/

secalert@redhat.com

https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=5d5c732d748d644ec14626bce448e84bdc4bd93e

secalert@redhat.com

https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=7aa0e8c0cb8a6293d0c6f7e3d29c13b96dec2129

secalert@redhat.com

https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=dfff16a7c261f8d28e3abe60a47165f845fa952f

secalert@redhat.com

https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html

secalert@redhat.com

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D5GE6ISYUL3CIWO3FQRUGMKTKP2NYED2/

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:redhat:libvirt::::::::`	libvirt	>= 3.10.0	< 6.0.0

CPE URI

Source package

Min version

Max version

cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*

libvirt

>= 3.10.0

< 6.0.0

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
libvirt	3.11-main	5.9.0-r2	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
libvirt	3.10-main	5.5.0-r2	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

libvirt

3.11-main

5.9.0-r2

Francesco Colista <fcolista@alpinelinux.org>

possibly vulnerable

libvirt

3.10-main

5.5.0-r2

Francesco Colista <fcolista@alpinelinux.org>

possibly vulnerable

References

Match rules

Vulnerable and fixed packages