CVE-2024-2494

CVSS 3.1 Score 6.2 of 10 (medium)

Details

Published Mar 21, 2024

Updated: Jun 10, 2024

CWE ID 789

Summary

CVE-2024-2494: A vulnerability was discovered in the RPC library APIs of libvirt. The RPC server's deserialization code allocates memory incorrectly, leading to a crash when a negative length is passed to the g_new0 function. This issue allows a local, unprivileged user to execute a denial of service attack by causing the libvirt daemon to crash. The flaw arises from the RPC server's failure to perform a proper length check before memory allocation.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

libvirt

Affected Vendors

Libvirt

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/u-Y-aV
https://www.cve.org/CVERecord?id=CVE-2024-2494
https://nvd.nist.gov/vuln/detail/CVE-2024-2494

Back to Vulnerability Database