exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 10 of 10 RSS Feed

CVE-2024-4418

Status Candidate

Overview

A race condition leading to a stack use-after-free flaw was found in libvirt. Due to a bad assumption in the virNetClientIOEventLoop() method, the `data` pointer to a stack-allocated virNetClientIOEventData structure ended up being used in the virNetClientIOEventFD callback while the data pointer's stack frame was concurrently being "freed" when returning from virNetClientIOEventLoop(). The 'virtproxyd' daemon can be used to trigger requests. If libvirt is configured with fine-grained access control, this issue, in theory, allows a user to escape their otherwise limited access. This flaw allows a local, unprivileged user to access virtproxyd without authenticating. Remote users would need to authenticate before they could access it.

Related Files

Debian Security Advisory 5792-1
Posted Oct 15, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5792-1 - The following vulnerabilities have been discovered in the WebKitGTK web engine. Hafiizh and YoKo Kho discovered that visiting a malicious website may lead to address bar spoofing. Narendra Bhati discovered that a malicious website may exfiltrate data cross-origin.

tags | advisory, web, spoof, vulnerability
systems | linux, debian
advisories | CVE-2024-40866, CVE-2024-44187
SHA-256 | 6c18c5c48316e22ebdd4c277dc051b11216afc79e2f4ce344b61f3d3a8f4d3ef
Download | Favorite | View
Apple Security Advisory 09-16-2024-8
Posted Sep 17, 2024
Authored by Apple | Site apple.com

Apple Security Advisory 09-16-2024-8 - iOS 17.7 and iPadOS 17.7 addresses bypass, out of bounds access, and out of bounds read vulnerabilities.

tags | advisory, vulnerability
systems | apple, ios
advisories | CVE-2024-27876, CVE-2024-27879, CVE-2024-27880, CVE-2024-40791, CVE-2024-40844, CVE-2024-40850, CVE-2024-44127, CVE-2024-44158, CVE-2024-44164, CVE-2024-44165, CVE-2024-44169, CVE-2024-44171, CVE-2024-44176, CVE-2024-44183
SHA-256 | 4993b0fd28e2f9894d9a7a6b11b76fd5ab68a695255e84e47ffc88d2865ddeaf
Download | Favorite | View
Apple Security Advisory 09-16-2024-6
Posted Sep 17, 2024
Authored by Apple | Site apple.com

Apple Security Advisory 09-16-2024-6 - Safari 18 addresses cross site scripting and spoofing vulnerabilities.

tags | advisory, spoof, vulnerability, xss
systems | apple
advisories | CVE-2024-40857, CVE-2024-40866, CVE-2024-44187
SHA-256 | 8565030c81e5697f1f766f9a15d6dc4896c79e31fa63809ae8174b258ad1dd69
Download | Favorite | View
Apple Security Advisory 09-16-2024-5
Posted Sep 17, 2024
Authored by Apple | Site apple.com

Apple Security Advisory 09-16-2024-5 - visionOS 2 addresses cross site scripting, integer overflow, out of bounds access, and out of bounds read vulnerabilities.

tags | advisory, overflow, vulnerability, xss
systems | apple
advisories | CVE-2023-5841, CVE-2024-27876, CVE-2024-27880, CVE-2024-40790, CVE-2024-40825, CVE-2024-40850, CVE-2024-40857, CVE-2024-44165, CVE-2024-44167, CVE-2024-44169, CVE-2024-44176, CVE-2024-44183, CVE-2024-44187, CVE-2024-44191
SHA-256 | c33139a06c51eeb99d320b409bf3dff9bf4f6d249df655edcfd84eafd70434a2
Download | Favorite | View
Apple Security Advisory 09-16-2024-4
Posted Sep 17, 2024
Authored by Apple | Site apple.com

Apple Security Advisory 09-16-2024-4 - watchOS 11 addresses cross site scripting, integer overflow, out of bounds access, and out of bounds read vulnerabilities.

tags | advisory, overflow, vulnerability, xss
systems | apple
advisories | CVE-2024-27880, CVE-2024-40850, CVE-2024-40857, CVE-2024-44169, CVE-2024-44170, CVE-2024-44171, CVE-2024-44176, CVE-2024-44183, CVE-2024-44187, CVE-2024-44191, CVE-2024-44198
SHA-256 | cc37085fe262bc1e832562736dee07e94a59cea8867890657c7639a8a8399592
Download | Favorite | View
Apple Security Advisory 09-16-2024-3
Posted Sep 17, 2024
Authored by Apple | Site apple.com

Apple Security Advisory 09-16-2024-3 - tvOS 18 addresses cross site scripting, integer overflow, out of bounds access, and out of bounds read vulnerabilities.

tags | advisory, overflow, vulnerability, xss
systems | apple
advisories | CVE-2023-5841, CVE-2024-27880, CVE-2024-40850, CVE-2024-40856, CVE-2024-40857, CVE-2024-44169, CVE-2024-44176, CVE-2024-44183, CVE-2024-44187, CVE-2024-44191, CVE-2024-44198
SHA-256 | c843d6fa186a698c1ffac01558f67ac6e0b1a38e1a1b300aaa7215b653a61d6f
Download | Favorite | View
Red Hat Security Advisory 2024-4757-03
Posted Jul 24, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-4757-03 - An update for libvirt is now available for Red Hat Enterprise Linux 9. Issues addressed include a use-after-free vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2024-4418
SHA-256 | 791358d78547fbdfa6aef1937437d97deaee9956bc41ea04b0e20efcf5b2f77f
Download | Favorite | View
Red Hat Security Advisory 2024-4432-03
Posted Jul 10, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-4432-03 - An update for libvirt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a use-after-free vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2024-4418
SHA-256 | fbd602ab1adca906d3a2063e368f400c721e8eb7551605f5e2eaee4487869c5e
Download | Favorite | View
Red Hat Security Advisory 2024-4351-03
Posted Jul 8, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-4351-03 - An update for the virt:rhel and virt-devel:rhel modules is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include a use-after-free vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2024-4418
SHA-256 | af8ebb64489a8787b50d2f7d00035c9fbc4d29b0f2722c28ed8300b38da3a1ff
Download | Favorite | View
Ubuntu Security Notice USN-6763-1
Posted May 9, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6763-1 - Martin Å irokov discovered that libvirt incorrectly handled certain memory operations. A local attacker could possibly use this issue to access virtproxyd without authorization.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2024-4418
SHA-256 | bf2c08727c2512c2e1c685708d13693662d532ce0a0e38ceac2e34041c213272
Download | Favorite | View
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close