MidnightBSD

Advisories for libguestfs

CVE-2010-3851 MEDIUM

libguestfs before 1.5.23, as used in virt-v2v, virt-inspector 1.5.3 and earlier, and possibly other products, when a raw-format disk image is used, allows local guest OS administrators to read files from the host via a crafted (1) qcow2, (2) VMDK, or (3) VDI header, related to lack of support for a disk format specifier.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200

Products Affected

Vendor Product Version
libguestfs libguestfs 1.5.16
libguestfs libguestfs 1.5.3
libguestfs libguestfs 1.5.18
libguestfs libguestfs 1.5.21
libguestfs libguestfs 1.5.7
libguestfs libguestfs 1.5.0
libguestfs libguestfs 1.5.1
libguestfs libguestfs 1.5.19
libguestfs libguestfs 1.5.2
libguestfs libguestfs 1.5.9
libguestfs libguestfs 1.5.20
libguestfs libguestfs 1.5.6
libguestfs libguestfs 1.5.14
libguestfs libguestfs 1.5.12
libguestfs libguestfs 1.5.13
libguestfs libguestfs 1.5.5
libguestfs libguestfs 1.5.10
libguestfs libguestfs *
libguestfs libguestfs 1.5.4
libguestfs libguestfs 1.5.8
libguestfs libguestfs 1.5.11
libguestfs libguestfs 1.5.15
libguestfs libguestfs 1.5.17

CVE-2012-2690 LOW

virt-edit in libguestfs before 1.18.0 does not preserve the permissions from the original file and saves the new file with world-readable permissions when editing, which might allow local guest users to obtain sensitive information.

CVSS 2.0

Severity: LOW

Problem Type: CWE-255

Products Affected

Vendor Product Version
libguestfs libguestfs 1.17.11
libguestfs libguestfs 1.17.19
libguestfs libguestfs 1.17.40
libguestfs libguestfs 1.17.21
libguestfs libguestfs 1.17.6
libguestfs libguestfs 1.17.33
libguestfs libguestfs 1.17.35
libguestfs libguestfs 1.17.37
libguestfs libguestfs 1.16.16
libguestfs libguestfs 1.17.12
libguestfs libguestfs 1.16.6
libguestfs libguestfs 1.17.24
libguestfs libguestfs 1.16.2
libguestfs libguestfs 1.16.24
libguestfs libguestfs 1.17.22
libguestfs libguestfs 1.17.1
libguestfs libguestfs 1.17.14
libguestfs libguestfs 1.16.10
libguestfs libguestfs 1.17.28
libguestfs libguestfs 1.17.36
libguestfs libguestfs 1.17.39
libguestfs libguestfs 1.16.22
libguestfs libguestfs 1.16.9
libguestfs libguestfs 1.16.11
libguestfs libguestfs 1.16.17
libguestfs libguestfs 1.16.25
libguestfs libguestfs 1.16.3
libguestfs libguestfs 1.16.1
libguestfs libguestfs 1.16.12
libguestfs libguestfs 1.17.17
libguestfs libguestfs 1.17.7
libguestfs libguestfs 1.17.26
libguestfs libguestfs 1.16.19
libguestfs libguestfs 1.17.4
libguestfs libguestfs 1.17.38
libguestfs libguestfs 1.16.4
libguestfs libguestfs 1.17.10
libguestfs libguestfs 1.17.23
libguestfs libguestfs 1.16.20
libguestfs libguestfs 1.17.2
libguestfs libguestfs 1.17.25
libguestfs libguestfs 1.17.5
libguestfs libguestfs 1.17.20
libguestfs libguestfs 1.17.42
libguestfs libguestfs 1.16.26
libguestfs libguestfs 1.17.15
libguestfs libguestfs 1.17.27
libguestfs libguestfs 1.17.29
libguestfs libguestfs 1.16.15
libguestfs libguestfs 1.17.18
libguestfs libguestfs 1.16.0
libguestfs libguestfs 1.17.8
libguestfs libguestfs 1.17.30
libguestfs libguestfs 1.16.18
libguestfs libguestfs 1.16.5
libguestfs libguestfs 1.16.8
libguestfs libguestfs 1.16.23
libguestfs libguestfs 1.17.31
libguestfs libguestfs 1.17.41
libguestfs libguestfs 1.17.13
libguestfs libguestfs 1.16.21
libguestfs libguestfs 1.17.0
libguestfs libguestfs 1.17.32
libguestfs libguestfs 1.16.13
libguestfs libguestfs 1.17.34
libguestfs libguestfs 1.16.14
libguestfs libguestfs 1.16.7
libguestfs libguestfs 1.17.3
libguestfs libguestfs 1.17.9
libguestfs libguestfs *
libguestfs libguestfs 1.17.16

CVE-2013-2124 MEDIUM

Double free vulnerability in inspect-fs.c in libguestfs 1.20.x before 1.20.7, 1.21.x, 1.22.0, and 1.23.0 allows remote attackers to cause a denial of service (crash) via empty guest files.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
libguestfs libguestfs 1.22.0
libguestfs libguestfs 1.20.1
libguestfs libguestfs 1.21.3
libguestfs libguestfs 1.21.29
libguestfs libguestfs 1.21.25
libguestfs libguestfs 1.21.4
libguestfs libguestfs 1.21.27
libguestfs libguestfs 1.21.36
libguestfs libguestfs 1.21.21
libguestfs libguestfs 1.20.4
libguestfs libguestfs 1.21.6
libguestfs libguestfs 1.21.14
libguestfs libguestfs 1.21.39
libguestfs libguestfs 1.21.7
libguestfs libguestfs 1.21.8
libguestfs libguestfs 1.21.18
libguestfs libguestfs 1.21.22
libguestfs libguestfs 1.21.24
libguestfs libguestfs 1.21.26
libguestfs libguestfs 1.21.28
libguestfs libguestfs 1.21.11
libguestfs libguestfs 1.20.0
libguestfs libguestfs 1.21.16
libguestfs libguestfs 1.21.33
libguestfs libguestfs 1.21.37
libguestfs libguestfs 1.21.23
libguestfs libguestfs 1.21.17
libguestfs libguestfs 1.21.19
libguestfs libguestfs 1.21.9
libguestfs libguestfs 1.21.32
libguestfs libguestfs 1.20.6
libguestfs libguestfs 1.21.20
libguestfs libguestfs 1.21.31
libguestfs libguestfs 1.21.35
libguestfs libguestfs 1.20.3
libguestfs libguestfs 1.21.10
libguestfs libguestfs 1.21.40
libguestfs libguestfs 1.21.30
libguestfs libguestfs 1.21.2
libguestfs libguestfs 1.21.15
libguestfs libguestfs 1.21.34
libguestfs libguestfs 1.23.0
libguestfs libguestfs 1.20.5
libguestfs libguestfs 1.21.12
libguestfs libguestfs 1.21.5
libguestfs libguestfs 1.21.38
libguestfs libguestfs 1.20.2
libguestfs libguestfs 1.21.13
libguestfs libguestfs 1.21.1

CVE-2013-4419 MEDIUM

The guestfish command in libguestfs 1.20.12, 1.22.7, and earlier, when using the --remote or --listen option, does not properly check the ownership of /tmp/.guestfish-$UID/ when creating a temporary socket file in this directory, which allows local users to write to the socket and execute arbitrary commands by creating /tmp/.guestfish-$UID/ in advance.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264

Products Affected

Vendor Product Version
novell suse_linux_enterprise_server 11.0
libguestfs libguestfs *
suse suse_linux_enterprise_software_development_kit 11.0

CVE-2022-2211 MEDIUM

A vulnerability was found in libguestfs. This issue occurs while calculating the greatest possible number of matching keys in the get_keys() function. This flaw leads to a denial of service, either by mistake or by a malicious actor.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120

Products Affected

Vendor Product Version
redhat enterprise_linux 9.0
redhat enterprise_linux 8.0
libguestfs libguestfs -