Updated: 2024-11-23 02:38:10.041096
Description:
A flaw was found in the hivex library. This flaw allows an attacker to input a specially crafted Windows Registry (hive) file, which would cause hivex to recursively call the _get_children() function, leading to a stack overflow. The highest threat from this vulnerability is to system availability.
| Links | NIST | CIRCL | RHEL | Ubuntu |
| Severity | Score | |
|---|---|---|
| CVSS Version 2.x | MEDIUM | 4.3 |
| CVSS Version 3.x | MEDIUM | 4.3 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| CentOS 6 ELS | hivex | 1.3.3 | 4.3 | MEDIUM | Ignored | 2022-01-11 08:06:17 | ||
| CentOS 6 ELS | libvirt | 0.10.2 | 4.3 | MEDIUM | Ignored | 2025-02-18 11:21:25 | ||
| CentOS 7 ELS | hivex | 1.3.10 | 4.3 | MEDIUM | Ignored | 2024-07-02 11:10:54 | ||
| CentOS 7 ELS | libvirt | 4.5.0 | 4.3 | MEDIUM | Not Vulnerable | 2025-02-20 06:38:35 | ||
| CentOS 8.4 ELS | hivex | 1.3.18-21 | 4.3 | MEDIUM | Released | CLSA-2025:1738170241 | 2025-01-30 00:28:30 | |
| CentOS 8.4 ELS | libvirt | 6.0.0-35.1 | 4.3 | MEDIUM | Not Vulnerable | 2025-02-20 06:38:35 | ||
| CentOS 8.5 ELS | hivex | 1.3.18-21 | 4.3 | MEDIUM | Released | CLSA-2025:1738170437 | 2025-01-30 00:28:29 | |
| CentOS 8.5 ELS | libvirt | 6.0.0-37 | 4.3 | MEDIUM | Not Vulnerable | 2025-02-20 06:38:35 | ||
| CloudLinux 6 ELS | hivex | 1.3.3 | 4.3 | MEDIUM | Ignored | 2022-01-11 09:48:27 | ||
| CloudLinux 6 ELS | libvirt | 0.10.2 | 4.3 | MEDIUM | Ignored | 2025-02-18 11:21:26 |