libguestfs before 1.5.23, as used in virt-v2v, virt-inspector 1.5.3 and earlier, and possibly other products, when a raw-format disk image is used, allows local guest OS administrators to read files from the host via a crafted (1) qcow2, (2) VMDK, or (3) VDI header, related to lack of support for a disk format specifier.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libguestfs | libguestfs | 1.5.16 |
| libguestfs | libguestfs | 1.5.3 |
| libguestfs | libguestfs | 1.5.18 |
| libguestfs | libguestfs | 1.5.21 |
| libguestfs | libguestfs | 1.5.7 |
| libguestfs | libguestfs | 1.5.0 |
| libguestfs | libguestfs | 1.5.1 |
| libguestfs | libguestfs | 1.5.19 |
| libguestfs | libguestfs | 1.5.2 |
| libguestfs | libguestfs | 1.5.9 |
| libguestfs | libguestfs | 1.5.20 |
| libguestfs | libguestfs | 1.5.6 |
| libguestfs | libguestfs | 1.5.14 |
| libguestfs | libguestfs | 1.5.12 |
| libguestfs | libguestfs | 1.5.13 |
| libguestfs | libguestfs | 1.5.5 |
| libguestfs | libguestfs | 1.5.10 |
| libguestfs | libguestfs | * |
| libguestfs | libguestfs | 1.5.4 |
| libguestfs | libguestfs | 1.5.8 |
| libguestfs | libguestfs | 1.5.11 |
| libguestfs | libguestfs | 1.5.15 |
| libguestfs | libguestfs | 1.5.17 |
virt-edit in libguestfs before 1.18.0 does not preserve the permissions from the original file and saves the new file with world-readable permissions when editing, which might allow local guest users to obtain sensitive information.
CVSS 2.0
Severity: LOW
Problem Type: CWE-255,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libguestfs | libguestfs | 1.17.11 |
| libguestfs | libguestfs | 1.17.19 |
| libguestfs | libguestfs | 1.17.40 |
| libguestfs | libguestfs | 1.17.21 |
| libguestfs | libguestfs | 1.17.6 |
| libguestfs | libguestfs | 1.17.33 |
| libguestfs | libguestfs | 1.17.35 |
| libguestfs | libguestfs | 1.17.37 |
| libguestfs | libguestfs | 1.16.16 |
| libguestfs | libguestfs | 1.17.12 |
| libguestfs | libguestfs | 1.16.6 |
| libguestfs | libguestfs | 1.17.24 |
| libguestfs | libguestfs | 1.16.2 |
| libguestfs | libguestfs | 1.16.24 |
| libguestfs | libguestfs | 1.17.22 |
| libguestfs | libguestfs | 1.17.1 |
| libguestfs | libguestfs | 1.17.14 |
| libguestfs | libguestfs | 1.16.10 |
| libguestfs | libguestfs | 1.17.28 |
| libguestfs | libguestfs | 1.17.36 |
| libguestfs | libguestfs | 1.17.39 |
| libguestfs | libguestfs | 1.16.22 |
| libguestfs | libguestfs | 1.16.9 |
| libguestfs | libguestfs | 1.16.11 |
| libguestfs | libguestfs | 1.16.17 |
| libguestfs | libguestfs | 1.16.25 |
| libguestfs | libguestfs | 1.16.3 |
| libguestfs | libguestfs | 1.16.1 |
| libguestfs | libguestfs | 1.16.12 |
| libguestfs | libguestfs | 1.17.17 |
| libguestfs | libguestfs | 1.17.7 |
| libguestfs | libguestfs | 1.17.26 |
| libguestfs | libguestfs | 1.16.19 |
| libguestfs | libguestfs | 1.17.4 |
| libguestfs | libguestfs | 1.17.38 |
| libguestfs | libguestfs | 1.16.4 |
| libguestfs | libguestfs | 1.17.10 |
| libguestfs | libguestfs | 1.17.23 |
| libguestfs | libguestfs | 1.16.20 |
| libguestfs | libguestfs | 1.17.2 |
| libguestfs | libguestfs | 1.17.25 |
| libguestfs | libguestfs | 1.17.5 |
| libguestfs | libguestfs | 1.17.20 |
| libguestfs | libguestfs | 1.17.42 |
| libguestfs | libguestfs | 1.16.26 |
| libguestfs | libguestfs | 1.17.15 |
| libguestfs | libguestfs | 1.17.27 |
| libguestfs | libguestfs | 1.17.29 |
| libguestfs | libguestfs | 1.16.15 |
| libguestfs | libguestfs | 1.17.18 |
| libguestfs | libguestfs | 1.16.0 |
| libguestfs | libguestfs | 1.17.8 |
| libguestfs | libguestfs | 1.17.30 |
| libguestfs | libguestfs | 1.16.18 |
| libguestfs | libguestfs | 1.16.5 |
| libguestfs | libguestfs | 1.16.8 |
| libguestfs | libguestfs | 1.16.23 |
| libguestfs | libguestfs | 1.17.31 |
| libguestfs | libguestfs | 1.17.41 |
| libguestfs | libguestfs | 1.17.13 |
| libguestfs | libguestfs | 1.16.21 |
| libguestfs | libguestfs | 1.17.0 |
| libguestfs | libguestfs | 1.17.32 |
| libguestfs | libguestfs | 1.16.13 |
| libguestfs | libguestfs | 1.17.34 |
| libguestfs | libguestfs | 1.16.14 |
| libguestfs | libguestfs | 1.16.7 |
| libguestfs | libguestfs | 1.17.3 |
| libguestfs | libguestfs | 1.17.9 |
| libguestfs | libguestfs | * |
| libguestfs | libguestfs | 1.17.16 |
Double free vulnerability in inspect-fs.c in LibguestFS 1.20.x before 1.20.7, 1.21.x, 1.22.0, and 1.23.0 allows remote attackers to cause a denial of service (crash) via empty guest files.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libguestfs | libguestfs | 1.22.0 |
| libguestfs | libguestfs | 1.20.1 |
| libguestfs | libguestfs | 1.21.3 |
| libguestfs | libguestfs | 1.21.29 |
| libguestfs | libguestfs | 1.21.25 |
| libguestfs | libguestfs | 1.21.4 |
| libguestfs | libguestfs | 1.21.27 |
| libguestfs | libguestfs | 1.21.36 |
| libguestfs | libguestfs | 1.21.21 |
| libguestfs | libguestfs | 1.20.4 |
| libguestfs | libguestfs | 1.21.6 |
| libguestfs | libguestfs | 1.21.14 |
| libguestfs | libguestfs | 1.21.39 |
| libguestfs | libguestfs | 1.21.7 |
| libguestfs | libguestfs | 1.21.8 |
| libguestfs | libguestfs | 1.21.18 |
| libguestfs | libguestfs | 1.21.22 |
| libguestfs | libguestfs | 1.21.24 |
| libguestfs | libguestfs | 1.21.26 |
| libguestfs | libguestfs | 1.21.28 |
| libguestfs | libguestfs | 1.21.11 |
| libguestfs | libguestfs | 1.20.0 |
| libguestfs | libguestfs | 1.21.16 |
| libguestfs | libguestfs | 1.21.33 |
| libguestfs | libguestfs | 1.21.37 |
| libguestfs | libguestfs | 1.21.23 |
| libguestfs | libguestfs | 1.21.17 |
| libguestfs | libguestfs | 1.21.19 |
| libguestfs | libguestfs | 1.21.9 |
| libguestfs | libguestfs | 1.21.32 |
| libguestfs | libguestfs | 1.20.6 |
| libguestfs | libguestfs | 1.21.20 |
| libguestfs | libguestfs | 1.21.31 |
| libguestfs | libguestfs | 1.21.35 |
| libguestfs | libguestfs | 1.20.3 |
| libguestfs | libguestfs | 1.21.10 |
| libguestfs | libguestfs | 1.21.40 |
| libguestfs | libguestfs | 1.21.30 |
| libguestfs | libguestfs | 1.21.2 |
| libguestfs | libguestfs | 1.21.15 |
| libguestfs | libguestfs | 1.21.34 |
| libguestfs | libguestfs | 1.23.0 |
| libguestfs | libguestfs | 1.20.5 |
| libguestfs | libguestfs | 1.21.12 |
| libguestfs | libguestfs | 1.21.5 |
| libguestfs | libguestfs | 1.21.38 |
| libguestfs | libguestfs | 1.20.2 |
| libguestfs | libguestfs | 1.21.13 |
| libguestfs | libguestfs | 1.21.1 |
The guestfish command in libguestfs 1.20.12, 1.22.7, and earlier, when using the --remote or --listen option, does not properly check the ownership of /tmp/.guestfish-$UID/ when creating a temporary socket file in this directory, which allows local users to write to the socket and execute arbitrary commands by creating /tmp/.guestfish-$UID/ in advance.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| novell | suse_linux_enterprise_server | 11.0 |
| libguestfs | libguestfs | * |
| suse | suse_linux_enterprise_software_development_kit | 11.0 |
A vulnerability was found in libguestfs. This issue occurs while calculating the greatest possible number of matching keys in the get_keys() function. This flaw leads to a denial of service, either by mistake or malicious actor.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux | 9.0 |
| redhat | enterprise_linux | 8.0 |
| libguestfs | libguestfs | - |