What is the severity of CVE-2014-3633?

CVE-2014-3633 is classified as a denial of service vulnerability that can crash the application or leak sensitive heap information.

How do I fix CVE-2014-3633?

To fix CVE-2014-3633, update libvirt to version 1.2.9 or later as it contains the necessary patches.

Which software versions are affected by CVE-2014-3633?

CVE-2014-3633 affects libvirt versions up to and including 1.2.8 and several Ubuntu Linux versions including 10.04, 12.04, and 14.04.

Can CVE-2014-3633 be exploited remotely?

Yes, CVE-2014-3633 can be exploited by remote attackers via crafted blkiotune queries.

What can happen if CVE-2014-3633 is exploited?

Exploitation of CVE-2014-3633 may lead to application crashes or exposure of sensitive information from the heap.

Vulnerability/
CVE-2014-3633

medium

5.8

CWE

119

6/10/2014

6/8/2024

CVE-2014-3633: Buffer Overflow

First published: Mon Oct 06 2014(Updated: )

The qemuDomainGetBlockIoTune function in qemu/qemu_driver.c in libvirt before 1.2.9, when a disk has been hot-plugged or removed from the live image, allows remote attackers to cause a denial of service (crash) or read sensitive heap information via a crafted blkiotune query, which triggers an out-of-bounds read.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
Ubuntu Linux	=10.04
Ubuntu Linux	=12.04
Ubuntu Linux	=14.04
libvirt	<=1.2.8
libvirt	=1.2.0
libvirt	=1.2.1
libvirt	=1.2.2
libvirt	=1.2.3
libvirt	=1.2.4
libvirt	=1.2.5
libvirt	=1.2.6
libvirt	=1.2.7

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2014-3633?
CVE-2014-3633 is classified as a denial of service vulnerability that can crash the application or leak sensitive heap information.
How do I fix CVE-2014-3633?
To fix CVE-2014-3633, update libvirt to version 1.2.9 or later as it contains the necessary patches.
Which software versions are affected by CVE-2014-3633?
CVE-2014-3633 affects libvirt versions up to and including 1.2.8 and several Ubuntu Linux versions including 10.04, 12.04, and 14.04.
Can CVE-2014-3633 be exploited remotely?
Yes, CVE-2014-3633 can be exploited by remote attackers via crafted blkiotune queries.
What can happen if CVE-2014-3633 is exploited?
Exploitation of CVE-2014-3633 may lead to application crashes or exposure of sensitive information from the heap.

agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/author
agent/weakness
agent/severity
agent/description
agent/first-publish-date
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/canonical
canonical/ubuntu linux
version/ubuntu linux/10.04
version/ubuntu linux/12.04
version/ubuntu linux/14.04
vendor/libvirt
canonical/libvirt
version/libvirt/1.2.8
version/libvirt/1.2.0
version/libvirt/1.2.1
version/libvirt/1.2.2
version/libvirt/1.2.3
version/libvirt/1.2.4
version/libvirt/1.2.5
version/libvirt/1.2.6
version/libvirt/1.2.7

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.

Frequently Asked Questions

What is the severity of CVE-2014-3633?
CVE-2014-3633 is classified as a denial of service vulnerability that can crash the application or leak sensitive heap information.
How do I fix CVE-2014-3633?
To fix CVE-2014-3633, update libvirt to version 1.2.9 or later as it contains the necessary patches.
Which software versions are affected by CVE-2014-3633?
CVE-2014-3633 affects libvirt versions up to and including 1.2.8 and several Ubuntu Linux versions including 10.04, 12.04, and 14.04.
Can CVE-2014-3633 be exploited remotely?
Yes, CVE-2014-3633 can be exploited by remote attackers via crafted blkiotune queries.
What can happen if CVE-2014-3633 is exploited?
Exploitation of CVE-2014-3633 may lead to application crashes or exposure of sensitive information from the heap.