CVE-2022-33749
Vulnerability from cvelistv5
Published
2022-10-11 00:00
Modified
2024-08-03 08:09
Severity ?
EPSS score ?
Summary
XAPI open file limit DoS It is possible for an unauthenticated client on the network to cause XAPI to hit its file-descriptor limit. This causes XAPI to be unable to accept new requests for other (trusted) clients, and blocks XAPI from carrying out any tasks that require the opening of file descriptors.
References
▼ | URL | Tags | |
---|---|---|---|
security@xen.org | http://www.openwall.com/lists/oss-security/2022/10/11/4 | Mailing List, Patch, Third Party Advisory | |
security@xen.org | http://xenbits.xen.org/xsa/advisory-413.html | Patch, Vendor Advisory | |
security@xen.org | https://security.gentoo.org/glsa/202402-07 | ||
security@xen.org | https://xenbits.xenproject.org/xsa/advisory-413.txt | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2022/10/11/4 | Mailing List, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://xenbits.xen.org/xsa/advisory-413.html | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202402-07 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://xenbits.xenproject.org/xsa/advisory-413.txt | Patch, Vendor Advisory |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T08:09:22.664Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://xenbits.xenproject.org/xsa/advisory-413.txt" }, { "tags": [ "x_transferred" ], "url": "http://xenbits.xen.org/xsa/advisory-413.html" }, { "name": "[oss-security] 20221011 Xen Security Advisory 413 v2 (CVE-2022-33749) - XAPI open file limit DoS", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/10/11/4" }, { "name": "GLSA-202402-07", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202402-07" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Xapi", "vendor": "Xapi", "versions": [ { "status": "unknown", "version": "consult Xen advisory XSA-413" } ] } ], "descriptions": [ { "lang": "en", "value": "XAPI open file limit DoS It is possible for an unauthenticated client on the network to cause XAPI to hit its file-descriptor limit. This causes XAPI to be unable to accept new requests for other (trusted) clients, and blocks XAPI from carrying out any tasks that require the opening of file descriptors." } ], "metrics": [ { "other": { "content": { "description": { "description_data": [ { "lang": "eng", "value": "An attacker is capable of blocking connections to the XAPI HTTP\ninterface, and also interrupt ongoing operations, causing a XAPI\ntoolstack Denial of Service. Such DoS would also affect any guests\nthat require toolstack actions." } ] } }, "type": "unknown" } } ], "problemTypes": [ { "descriptions": [ { "description": "unknown", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-02-04T08:07:28.154896", "orgId": "23aa2041-22e1-471f-9209-9b7396fa234f", "shortName": "XEN" }, "references": [ { "url": "https://xenbits.xenproject.org/xsa/advisory-413.txt" }, { "url": "http://xenbits.xen.org/xsa/advisory-413.html" }, { "name": "[oss-security] 20221011 Xen Security Advisory 413 v2 (CVE-2022-33749) - XAPI open file limit DoS", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2022/10/11/4" }, { "name": "GLSA-202402-07", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202402-07" } ] } }, "cveMetadata": { "assignerOrgId": "23aa2041-22e1-471f-9209-9b7396fa234f", "assignerShortName": "XEN", "cveId": "CVE-2022-33749", "datePublished": "2022-10-11T00:00:00", "dateReserved": "2022-06-15T00:00:00", "dateUpdated": "2024-08-03T08:09:22.664Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2022-33749\",\"sourceIdentifier\":\"security@xen.org\",\"published\":\"2022-10-11T13:15:10.193\",\"lastModified\":\"2024-11-21T07:08:27.957\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"XAPI open file limit DoS It is possible for an unauthenticated client on the network to cause XAPI to hit its file-descriptor limit. This causes XAPI to be unable to accept new requests for other (trusted) clients, and blocks XAPI from carrying out any tasks that require the opening of file descriptors.\"},{\"lang\":\"es\",\"value\":\"Es posible que un cliente no autenticado en la red cause que XAPI alcance su l\u00edmite de descriptores de archivo. Esto causa que XAPI no pueda aceptar nuevas peticiones de otros clientes (confiables), y bloquea a XAPI de llevar a cabo cualquier tarea que requiera la apertura de descriptores de archivo\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:xen:xapi:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC5FE9BB-705E-4705-BF39-B671ECD8AAD0\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2022/10/11/4\",\"source\":\"security@xen.org\",\"tags\":[\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://xenbits.xen.org/xsa/advisory-413.html\",\"source\":\"security@xen.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202402-07\",\"source\":\"security@xen.org\"},{\"url\":\"https://xenbits.xenproject.org/xsa/advisory-413.txt\",\"source\":\"security@xen.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/10/11/4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://xenbits.xen.org/xsa/advisory-413.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202402-07\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://xenbits.xenproject.org/xsa/advisory-413.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}" } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.