Import Source
https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-38665.json
JSON Data
https://api.test.osv.dev/v1/vulns/AZL-38665
Upstream
Published
2024-03-21T14:15:10Z
Modified
2026-04-01T05:23:48.063380Z
Summary
CVE-2024-2494 affecting package libvirt for versions less than 10.0.0-4
Details

A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length check is performed by the C API entry points. Passing a negative length to the g_new0 function results in a crash due to the negative length being treated as a huge positive number. This flaw allows a local, unprivileged user to perform a denial of service attack by causing the libvirt daemon to crash.

References

Affected packages

Azure Linux:3 / libvirt

Package

Name
libvirt
Purl
pkg:rpm/azure-linux/libvirt

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
10.0.0-4

Database specific

source
"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-38665.json"