Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

None

Privileges Required

Low

Attack Vector

Network

0

CVE-2020-10703

Disclosure Date: June 02, 2020 •

CVE-2020-10703 CVSS v3 Base Score: 6.5

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

A NULL pointer dereference was found in the libvirt API responsible introduced in upstream version 3.10.0, and fixed in libvirt 6.0.0, for fetching a storage pool based on its target path. In more detail, this flaw affects storage pools created without a target path such as network-based pools like gluster and RBD. Unprivileged users with a read-only connection could abuse this flaw to crash the libvirt daemon, resulting in a potential denial of service.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

6.5 Medium

Impact Score:

3.6

Exploitability Score:

2.8

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector (AV):

Network

Attack Complexity (AC):

Low

Privileges Required (PR):

Low

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

None

Integrity (I):

None

Availability (A):

High

Vendors

redhat

Products

libvirt

Weaknesses

CWE-476

References

Canonical

CVE-2020-10703 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10703)

Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10703

https://bugzilla.redhat.com/show_bug.cgi?id=1790725

https://libvirt.org/git?p=libvirt.git;a=commit;h=dfff16a7c261f8d28e3abe60a47165f845fa952f

https://libvirt.org/git?p=libvirt.git;a=commit;h=5d5c732d748d644ec14626bce448e84bdc4bd93e

https://libvirt.org/git?p=libvirt.git;a=commit;h=7aa0e8c0cb8a6293d0c6f7e3d29c13b96dec2129

https://security.netapp.com/advisory/ntap-20200608-0005

FEDORA-2020-5cd83efda7 (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D5GE6ISYUL3CIWO3FQRUGMKTKP2NYED2)

https://libvirt.org/git/?p=libvirt.git;a=commit;h=dfff16a7c261f8d28e3abe60a47165f845fa952f

https://libvirt.org/git/?p=libvirt.git;a=commit;h=5d5c732d748d644ec14626bce448e84bdc4bd93e

https://libvirt.org/git/?p=libvirt.git;a=commit;h=7aa0e8c0cb8a6293d0c6f7e3d29c13b96dec2129

https://security.netapp.com/advisory/ntap-20200608-0005/

FEDORA-2020-5cd83efda7 (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D5GE6ISYUL3CIWO3FQRUGMKTKP2NYED2/)

[debian-lts-announce] 20240401 [SECURITY] [DLA 3778-1] libvirt security update (https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html)

Rapid7

Technical Analysis