Vulnerability Details: CVE-2010-3851
libguestfs before 1.5.23, as used in virt-v2v, virt-inspector 1.5.3 and earlier, and possibly other products, when a raw-format disk image is used, allows local guest OS administrators to read files from the host via a crafted (1) qcow2, (2) VMDK, or (3) VDI header, related to lack of support for a disk format specifier.
Vulnerability category: Information leak
Exploit prediction scoring system (EPSS) score for CVE-2010-3851
Probability of exploitation activity in the next 30 days: 0.06%
Percentile, the proportion of vulnerabilities that are scored at or less: ~26%
CVSS scores for CVE-2010-3851
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.7 | MEDIUM | AV:L/AC:M/Au:N/C:C/I:N/A:N | 3.4 | 6.9 | NIST |
CWE ids for CVE-2010-3851
- The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-3851
- https://www.redhat.com/archives/libguestfs/2010-October/msg00041.html
  [Libguestfs] [PATCH 0/8 v2] Complete fix for CVE-2010-3851. (Patch)
- http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050237.html
  [SECURITY] Fedora 14 Update: libguestfs-1.5.23-1 (Patch)
- http://www.vupen.com/english/advisories/2010/2963
- http://www.redhat.com/support/errata/RHSA-2011-0586.html
  Support
- https://bugzilla.redhat.com/show_bug.cgi?id=643958
  643958 – (CVE-2010-3851) CVE-2010-3851 libguestfs: missing disk format specifier when adding a disk
- https://www.redhat.com/archives/libguestfs/2010-October/msg00036.html
  [Libguestfs] CVE-2010-3851 libguestfs: missing disk format specifier whe
- https://www.redhat.com/archives/libguestfs/2010-October/msg00037.html
  [Libguestfs] [PATCH 0/2] First part of fix for CVE-2010-3851
- http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050742.html
  [SECURITY] Fedora 13 Update: libguestfs-1.6.0-1.fc13.1
- http://www.vupen.com/english/advisories/2010/2874
  (Vendor Advisory)
- http://rwmj.wordpress.com/2010/10/23/new-libguestfs-stable-versions/
  New libguestfs stable versions | Richard WM Jones
- http://www.securityfocus.com/bid/44166
  libguestfs Disk Format Specifier Information Disclosure Vulnerability
Products affected by CVE-2010-3851
Every entry below is listed as affected when used together with Matthew Booth » Virt-v2v and when used together with Richard Jones » Virt-inspector.
- cpe:2.3:a:libguestfs:libguestfs:*:*:*:*:*:*:*:*
- cpe:2.3:a:libguestfs:libguestfs:1.5.20:*:*:*:*:*:*:*
- cpe:2.3:a:libguestfs:libguestfs:1.5.21:*:*:*:*:*:*:*
- cpe:2.3:a:libguestfs:libguestfs:1.5.15:*:*:*:*:*:*:*
- cpe:2.3:a:libguestfs:libguestfs:1.5.14:*:*:*:*:*:*:*
- cpe:2.3:a:libguestfs:libguestfs:1.5.9:*:*:*:*:*:*:*
- cpe:2.3:a:libguestfs:libguestfs:1.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:libguestfs:libguestfs:1.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:libguestfs:libguestfs:1.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:libguestfs:libguestfs:1.5.19:*:*:*:*:*:*:*
- cpe:2.3:a:libguestfs:libguestfs:1.5.18:*:*:*:*:*:*:*
- cpe:2.3:a:libguestfs:libguestfs:1.5.10:*:*:*:*:*:*:*
- cpe:2.3:a:libguestfs:libguestfs:1.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:libguestfs:libguestfs:1.5.17:*:*:*:*:*:*:*
- cpe:2.3:a:libguestfs:libguestfs:1.5.16:*:*:*:*:*:*:*
- cpe:2.3:a:libguestfs:libguestfs:1.5.8:*:*:*:*:*:*:*
- cpe:2.3:a:libguestfs:libguestfs:1.5.11:*:*:*:*:*:*:*
- cpe:2.3:a:libguestfs:libguestfs:1.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:libguestfs:libguestfs:1.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:libguestfs:libguestfs:1.5.13:*:*:*:*:*:*:*
- cpe:2.3:a:libguestfs:libguestfs:1.5.12:*:*:*:*:*:*:*
- cpe:2.3:a:libguestfs:libguestfs:1.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:libguestfs:libguestfs:1.5.7:*:*:*:*:*:*:*