CVE-2020-10701

Source
https://nvd.nist.gov/vuln/detail/CVE-2020-10701
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-10701.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-10701
Related
Published
2021-05-27T19:15:07Z
Modified
2024-10-12T05:33:08.484036Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

A missing authorization flaw was found in the libvirt API responsible for changing the QEMU agent response timeout. This flaw allows read-only connections to adjust the time that libvirt waits for the QEMU guest agent to respond to agent commands. Depending on the timeout value that is set, this flaw can make guest agent commands fail because the agent cannot respond in time. Unprivileged users with a read-only connection could abuse this flaw to set the response timeout for all guest agent messages to zero, potentially leading to a denial of service. This flaw affects libvirt versions before 6.2.0.

References

Affected packages

Debian:11 / libvirt

Package

Name
libvirt
Purl
pkg:deb/debian/libvirt?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.0.0-7

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / libvirt

Package

Name
libvirt
Purl
pkg:deb/debian/libvirt?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.0.0-7

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / libvirt

Package

Name
libvirt
Purl
pkg:deb/debian/libvirt?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.0.0-7

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/libvirt/libvirt

Affected ranges

Type
GIT
Repo
https://github.com/libvirt/libvirt
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

Other

CVE-2011-1146
CVE-2011-1486
CVE-2011-2178
CVE-2012-3411
CVE-2012-3445
CVE-2012-4423
CVE-2013-0170
CVE-2013-1962
CVE-2013-2218
CVE-2013-2230
CVE-2013-4153
CVE-2013-4154
CVE-2013-4239
CVE-2013-4291
CVE-2013-4292
CVE-2013-4296
CVE-2013-4297
CVE-2013-4311
CVE-2013-4399
CVE-2013-4400-1
CVE-2013-4400-2
CVE-2013-4400-3
CVE-2013-4401
CVE-2013-5651
CVE-2013-6436
CVE-2013-6457
CVE-2013-6458-1
CVE-2013-6458-2
CVE-2013-6458-3
CVE-2013-6458-4
CVE-2013-7336
CVE-2014-0028
CVE-2014-0179
CVE-2014-1447-1
CVE-2014-1447-2
CVE-2014-3633
CVE-2014-3657
CVE-2014-7823
CVE-2014-8131-1
CVE-2014-8131-2
CVE-2014-8135
CVE-2014-8136
CVE-2015-0236-1
CVE-2015-0236-2
CVE-2015-5247-1
CVE-2015-5247-2
CVE-2015-5247-3
CVE-2015-5313
CVE-2016-5008
CVE-2017-1000256
CVE-2017-2635
LIBVIRT_0_0_3
LIBVIRT_0_0_4
LIBVIRT_0_0_5
LIBVIRT_0_1_0
LIBVIRT_0_1_1
LIBVIRT_0_1_10
LIBVIRT_0_1_11
LIBVIRT_0_1_3
LIBVIRT_0_1_4
LIBVIRT_0_1_6
LIBVIRT_0_1_7
LIBVIRT_0_1_8
LIBVIRT_0_1_9
LIBVIRT_0_2_0
LIBVIRT_0_2_1
LIBVIRT_0_2_2
LIBVIRT_0_3_0
LIBVIRT_0_3_1
LIBVIRT_0_3_2
LIBVIRT_0_3_3
LIBVIRT_0_4_1
LIBVIRT_0_4_2
LIBVIRT_0_4_4
LIBVIRT_0_4_6
LIBVIRT_0_5_0
LIBVIRT_0_5_1
LIBVIRT_0_6_0
LIBVIRT_0_6_1
LIBVIRT_0_6_2
LIBVIRT_0_6_3
LIBVIRT_0_6_4
LIBVIRT_0_6_5
LIBVIR_0_0_1
LIBVIR_0_0_2
LIVIRT_0_2_3

v0.*

v0.0.1
v0.0.2
v0.0.3
v0.0.4
v0.0.5
v0.1.0
v0.1.1
v0.1.10
v0.1.11
v0.1.3
v0.1.4
v0.1.6
v0.1.7
v0.1.8
v0.1.9
v0.10.0
v0.10.0-rc0
v0.10.0-rc1
v0.10.0-rc2
v0.10.1
v0.10.2
v0.10.2-rc1
v0.10.2-rc2
v0.2.0
v0.2.1
v0.2.2
v0.2.3
v0.3.0
v0.3.1
v0.3.2
v0.3.3
v0.4.1
v0.4.2
v0.4.4
v0.4.6
v0.5.0
v0.5.1
v0.6.0
v0.6.1
v0.6.2
v0.6.3
v0.6.4
v0.6.5
v0.7.0
v0.7.1
v0.7.2
v0.7.3
v0.7.4
v0.7.5
v0.7.6
v0.7.7
v0.8.0
v0.8.1
v0.8.2
v0.8.3
v0.8.4
v0.8.5
v0.8.6
v0.8.7
v0.8.8
v0.9.0
v0.9.1
v0.9.10
v0.9.10-rc1
v0.9.10-rc2
v0.9.11
v0.9.11-rc1
v0.9.11-rc2
v0.9.12
v0.9.12-rc1
v0.9.12-rc2
v0.9.13
v0.9.13-rc1
v0.9.13-rc2
v0.9.2
v0.9.3
v0.9.3-rc1
v0.9.3-rc2
v0.9.4
v0.9.4-rc1
v0.9.4-rc2
v0.9.5
v0.9.5-rc1
v0.9.5-rc2
v0.9.5-rc3
v0.9.6
v0.9.7
v0.9.7-rc1
v0.9.8
v0.9.8-rc1
v0.9.8-rc2
v0.9.9
v0.9.9-rc1
v0.9.9-rc2

v1.*

v1.0.0
v1.0.0-rc1
v1.0.0-rc2
v1.0.0-rc3
v1.0.1
v1.0.1-rc1
v1.0.1-rc2
v1.0.2
v1.0.2-rc1
v1.0.2-rc2
v1.0.3
v1.0.3-rc1
v1.0.3-rc2
v1.0.4
v1.0.4-rc1
v1.0.4-rc2
v1.0.5
v1.0.5-rc1
v1.0.6
v1.0.6-rc1
v1.0.6-rc2
v1.1.0
v1.1.0-rc1
v1.1.0-rc2
v1.1.1
v1.1.1-rc1
v1.1.1-rc2
v1.1.2
v1.1.2-rc1
v1.1.2-rc2
v1.1.3
v1.1.3-rc1
v1.1.3-rc2
v1.1.4
v1.1.4-rc1
v1.1.4-rc2
v1.2.0
v1.2.0-rc1
v1.2.0-rc2
v1.2.1
v1.2.1-rc1
v1.2.1-rc2
v1.2.10
v1.2.10-rc1
v1.2.10-rc2
v1.2.11
v1.2.11-rc1
v1.2.11-rc2
v1.2.12
v1.2.12-rc1
v1.2.12-rc2
v1.2.13
v1.2.13-rc1
v1.2.13-rc2
v1.2.14
v1.2.14-rc1
v1.2.14-rc2
v1.2.15
v1.2.15-rc1
v1.2.15-rc2
v1.2.16
v1.2.16-rc1
v1.2.16-rc2
v1.2.17
v1.2.17-rc1
v1.2.17-rc2
v1.2.18
v1.2.18-rc1
v1.2.18-rc2
v1.2.19
v1.2.19-rc1
v1.2.19-rc2
v1.2.2
v1.2.2-rc1
v1.2.2-rc2
v1.2.20
v1.2.20-rc1
v1.2.20-rc2
v1.2.21
v1.2.21-rc1
v1.2.21-rc2
v1.2.3
v1.2.3-rc1
v1.2.3-rc2
v1.2.4
v1.2.4-rc1
v1.2.4-rc2
v1.2.5
v1.2.5-rc1
v1.2.5-rc2
v1.2.6
v1.2.6-rc1
v1.2.6-rc2
v1.2.7
v1.2.7-rc1
v1.2.7-rc2
v1.2.8
v1.2.8-rc1
v1.2.8-rc2
v1.2.9
v1.2.9-rc1
v1.2.9-rc2
v1.3.0
v1.3.0-rc1
v1.3.0-rc2
v1.3.1
v1.3.1-rc1
v1.3.1-rc2
v1.3.2
v1.3.2-rc1
v1.3.2-rc2
v1.3.3
v1.3.3-rc1
v1.3.3-rc2
v1.3.4
v1.3.4-rc1
v1.3.4-rc2
v1.3.5
v1.3.5-rc1

v2.*

v2.0.0
v2.0.0-rc1
v2.0.0-rc2
v2.1.0
v2.1.0-rc1
v2.2.0
v2.2.0-rc1
v2.2.0-rc2
v2.3.0
v2.3.0-rc1
v2.3.0-rc2
v2.4.0
v2.4.0-rc1
v2.4.0-rc2
v2.5.0
v2.5.0-rc1
v2.5.0-rc2

v3.*

v3.0.0
v3.0.0-rc1
v3.0.0-rc2
v3.1.0
v3.1.0-rc1
v3.1.0-rc2
v3.10.0
v3.10.0-rc1
v3.10.0-rc2
v3.2.0
v3.2.0-rc1
v3.2.0-rc2
v3.3.0
v3.3.0-rc1
v3.3.0-rc2
v3.4.0
v3.4.0-rc1
v3.4.0-rc2
v3.5.0
v3.5.0-rc1
v3.5.0-rc2
v3.6.0
v3.6.0-rc1
v3.6.0-rc2
v3.7.0
v3.7.0-rc1
v3.7.0-rc2
v3.8.0
v3.8.0-rc1
v3.9.0
v3.9.0-rc1
v3.9.0-rc2

v4.*

v4.0.0
v4.0.0-rc1
v4.0.0-rc2
v4.1.0
v4.1.0-rc1
v4.1.0-rc2
v4.10.0
v4.10.0-rc1
v4.10.0-rc2
v4.2.0
v4.2.0-rc1
v4.2.0-rc2
v4.3.0
v4.3.0-rc1
v4.3.0-rc2
v4.4.0
v4.4.0-rc1
v4.4.0-rc2
v4.5.0
v4.5.0-rc1
v4.5.0-rc2
v4.6.0
v4.6.0-rc1
v4.6.0-rc2
v4.7.0
v4.7.0-rc1
v4.7.0-rc2
v4.8.0
v4.8.0-rc1
v4.8.0-rc2
v4.9.0
v4.9.0-rc1

v5.*

v5.0.0
v5.0.0-rc1
v5.0.0-rc2
v5.1.0
v5.1.0-rc1
v5.1.0-rc2
v5.10.0
v5.10.0-rc1
v5.10.0-rc2
v5.2.0
v5.2.0-rc1
v5.2.0-rc2
v5.3.0
v5.3.0-rc1
v5.3.0-rc2
v5.4.0
v5.4.0-rc1
v5.4.0-rc2
v5.5.0
v5.5.0-rc1
v5.5.0-rc2
v5.6.0
v5.6.0-rc1
v5.6.0-rc2
v5.7.0
v5.7.0-rc1
v5.7.0-rc2
v5.8.0
v5.8.0-rc1
v5.8.0-rc2
v5.9.0
v5.9.0-rc1

v6.*

v6.0.0
v6.0.0-rc1
v6.0.0-rc2
v6.1.0
v6.1.0-rc1
v6.1.0-rc2
v6.2.0-rc1