Untriaged
CVE-2024-31420
6.5 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): LOW
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): NONE
- Integrity impact (I): NONE
- Availability impact (A): HIGH
Cnv: DoS through repeatedly calling vm-dump-metrics until virt handler crashes
A NULL pointer dereference flaw was found in KubeVirt. This flaw allows an attacker who has access to a virtual machine guest on a node with DownwardMetrics enabled to cause a denial of service by issuing a high number of calls to vm-dump-metrics --virtio and then deleting the virtual machine.
Affected products
cnv
- ==4.15.0
- ==4.15.0
kubevirt
Matching in nixpkgs
pkgs.kubevirt
Client tool to use advanced features such as console access
pkgs.vimPlugins.scnvim
None
- nixos-unstable 2024-09-16
- nixpkgs-unstable 2024-09-16
- nixos-unstable-small 2024-09-16
pkgs.python311Packages.cnvkit
Python library and command-line software toolkit to infer and visualize copy number from high-throughput DNA sequencing data
pkgs.python312Packages.cnvkit
Python library and command-line software toolkit to infer and visualize copy number from high-throughput DNA sequencing data
Package maintainers
- @haslersn Sebastian Hasler <haslersn@fius.informatik.uni-stuttgart.de>
- @jbedo Justin Bedő <cu@cua0.org>