Bug 1321972 (CVE-2016-3077) - CVE-2016-3077 ovirt-engine: Crash of API when parsing unxepected version number
Summary: CVE-2016-3077 ovirt-engine: Crash of API when parsing unxepected version number
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2016-3077
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1311616 1321974 1321975
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-03-29 13:38 UTC by Adam Mariš
Modified: 2019-12-03 07:57 UTC (History)
16 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-04-13 07:33:04 UTC
Embargoed:


Attachments (Terms of Use)

Description Adam Mariš 2016-03-29 13:38:09 UTC
It was found that parsing complicated kernel version numbers leads to array index out-of-bounds exception in VersionMapper.fromKernelVersionString method. A malicious user with access to VM could configure it so that it reports a version number that causes API to crash. When the VM with crafted kernel version number is reported among with other VMs, the representation retrieving operation will fail also for all other VMs.

Product bug:

https://bugzilla.redhat.com/show_bug.cgi?id=1311616

Comment 1 Adam Mariš 2016-03-29 13:38:46 UTC
Created ovirt-engine-sdk-java tracking bugs for this issue:

Affects: fedora-all [bug 1321974]
Affects: epel-all [bug 1321975]

Comment 2 Juan Hernández 2016-03-29 13:45:11 UTC
Consider closing this bug, as the issue doesn't affect any Fedora component, only the oVirt engine server side, which isn't part of fedora.


Note You need to log in before you can comment on or make changes to this bug.