Buffer overflow in Vm-memory

#VU81461 Buffer overflow in Vm-memory

Published: 2023-10-04

Vulnerability identifier: #VU81461

Vulnerability risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-13759

CWE-ID: CWE-119

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Vm-memory
/

Vendor: Vm-memory Project

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the read_obj() and write_obj() functions. A remote attacker can trigger memory corruption and perform a denial of service attack (loss of IP connectivity).

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Vm-memory: 0.1.0 - 0.2.0

External links
http://github.com/rust-vmm/vm-memory/issues/93
http://github.com/rust-vmm/vm-memory/releases/tag/v0.1.1
http://github.com/rust-vmm/vm-memory/releases/tag/v0.2.1

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Denial of service in vm-memory crate