CVE-2024-4467

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-4467
A flaw was found in the QEMU disk image utility (qemu-img) 'info' command. A specially crafted image file containing a `json:{}` value describing block devices in QMP could cause the qemu-img process on the host to consume large amounts of memory or CPU time, leading to denial of service or read/write to an existing external file.

7.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://access.redhat.com/errata/RHSA-2024:4276
https://access.redhat.com/errata/RHSA-2024:4277
https://access.redhat.com/errata/RHSA-2024:4278
https://access.redhat.com/errata/RHSA-2024:4372
https://access.redhat.com/errata/RHSA-2024:4373
https://access.redhat.com/errata/RHSA-2024:4374
https://access.redhat.com/errata/RHSA-2024:4420
https://access.redhat.com/errata/RHSA-2024:4724
https://access.redhat.com/errata/RHSA-2024:4727
https://access.redhat.com/security/cve/CVE-2024-4467
https://bugzilla.redhat.com/show_bug.cgi?id=2278875
http://www.openwall.com/lists/oss-security/2024/07/23/2
https://access.redhat.com/errata/RHSA-2024:4276
https://access.redhat.com/errata/RHSA-2024:4277
https://access.redhat.com/errata/RHSA-2024:4278
https://access.redhat.com/errata/RHSA-2024:4372
https://access.redhat.com/errata/RHSA-2024:4373
https://access.redhat.com/errata/RHSA-2024:4374
https://access.redhat.com/errata/RHSA-2024:4420
https://access.redhat.com/errata/RHSA-2024:4724
https://access.redhat.com/errata/RHSA-2024:4727
https://access.redhat.com/security/cve/CVE-2024-4467
https://bugzilla.redhat.com/show_bug.cgi?id=2278875
https://security.netapp.com/advisory/ntap-20240822-0005/
Configurations

No configuration.

History

21 Nov 2024, 09:42

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2024/07/23/2 -
  • () https://security.netapp.com/advisory/ntap-20240822-0005/ -
References () https://access.redhat.com/errata/RHSA-2024:4276 - () https://access.redhat.com/errata/RHSA-2024:4276 -
References () https://access.redhat.com/errata/RHSA-2024:4277 - () https://access.redhat.com/errata/RHSA-2024:4277 -
References () https://access.redhat.com/errata/RHSA-2024:4278 - () https://access.redhat.com/errata/RHSA-2024:4278 -
References () https://access.redhat.com/errata/RHSA-2024:4372 - () https://access.redhat.com/errata/RHSA-2024:4372 -
References () https://access.redhat.com/errata/RHSA-2024:4373 - () https://access.redhat.com/errata/RHSA-2024:4373 -
References () https://access.redhat.com/errata/RHSA-2024:4374 - () https://access.redhat.com/errata/RHSA-2024:4374 -
References () https://access.redhat.com/errata/RHSA-2024:4420 - () https://access.redhat.com/errata/RHSA-2024:4420 -
References () https://access.redhat.com/errata/RHSA-2024:4724 - () https://access.redhat.com/errata/RHSA-2024:4724 -
References () https://access.redhat.com/errata/RHSA-2024:4727 - () https://access.redhat.com/errata/RHSA-2024:4727 -
References () https://access.redhat.com/security/cve/CVE-2024-4467 - () https://access.redhat.com/security/cve/CVE-2024-4467 -
References () https://bugzilla.redhat.com/show_bug.cgi?id=2278875 - () https://bugzilla.redhat.com/show_bug.cgi?id=2278875 -

13 Sep 2024, 22:15

Type Values Removed Values Added
References
  • {'url': 'http://www.openwall.com/lists/oss-security/2024/07/23/2', 'source': 'secalert@redhat.com'}

23 Jul 2024, 16:15

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2024/07/23/2 -

23 Jul 2024, 15:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:4724 -
  • () https://access.redhat.com/errata/RHSA-2024:4727 -

09 Jul 2024, 17:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:4420 -

08 Jul 2024, 18:15

Type Values Removed Values Added
Summary
  • (es) Se encontró una falla en el comando 'info' de la utilidad de imagen de disco QEMU (qemu-img). Un archivo de imagen especialmente manipulado que contenga un valor `json:{}` que describa los dispositivos de bloque en QMP podría provocar que el proceso qemu-img en el host consuma grandes cantidades de memoria o tiempo de CPU, lo que provocaría una denegación de servicio o lectura/escritura en un archivo externo existente.
References
  • () https://access.redhat.com/errata/RHSA-2024:4372 -
  • () https://access.redhat.com/errata/RHSA-2024:4373 -
  • () https://access.redhat.com/errata/RHSA-2024:4374 -

03 Jul 2024, 00:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:4276 -
  • () https://access.redhat.com/errata/RHSA-2024:4277 -
  • () https://access.redhat.com/errata/RHSA-2024:4278 -

02 Jul 2024, 16:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-07-02 16:15

Updated : 2024-11-21 09:42

NVD link : CVE-2024-4467

Mitre link : CVE-2024-4467

CVE.ORG link : CVE-2024-4467

JSON object : View

Products Affected

No product.

CWE
CWE-400

Uncontrolled Resource Consumption