From fdf503b4116cb8030279846d8c0cfeb1a9e937df Mon Sep 17 00:00:00 2001
From: Xen Project Security Team
Date: Tue, 11 Oct 2022 12:45:16 +0000
Subject: [PATCH] XSA-413 CVE-2022-33749

Xensec source data: xsa.git#xsa-413-v2
Xensec source infra: xsa.git#dc3f5a339aa9b1a19b40af33b9adcdf2a572dfbf
---
 2022/33xxx/CVE-2022-33749.json | 108 ++++++++++++++++++++++++++++-----
 1 file changed, 93 insertions(+), 15 deletions(-)

diff --git a/2022/33xxx/CVE-2022-33749.json b/2022/33xxx/CVE-2022-33749.json
index 5cc1223400b..1cc696c4611 100644
--- a/2022/33xxx/CVE-2022-33749.json
+++ b/2022/33xxx/CVE-2022-33749.json
@@ -1,18 +1,96 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2022-33749",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
- },
- "description": {
- "description_data": [
+ "CVE_data_meta" : {
+ "ASSIGNER" : "security@xenproject.org",
+ "ID" : "CVE-2022-33749"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
  {
- "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "Xapi",
+ "version" : {
+ "version_data" : [
+ {
+ "version_affected" : "?",
+ "version_value" : "consult Xen advisory XSA-413"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "Xapi"
  }
- ]
- }
-}
\ No newline at end of file
+ ]
+ }
+ },
+ "configuration" : {
+ "configuration_data" : {
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "All versions of XAPI are vulnerable.\n\nSystems which are not using the XAPI toolstack are not vulnerable."
+ }
+ ]
+ }
+ }
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "XAPI open file limit DoS\n\nIt is possible for an unauthenticated client on the network to cause\nXAPI to hit its file-descriptor limit. This causes XAPI to be unable\nto accept new requests for other (trusted) clients, and blocks XAPI\nfrom carrying out any tasks that require the opening of file\ndescriptors."
+ }
+ ]
+ },
+ "impact" : {
+ "impact_data" : {
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "An attacker is capable of blocking connections to the XAPI HTTP\ninterface, and also interrupt ongoing operations, causing a XAPI\ntoolstack Denial of Service. Such DoS would also affect any guests\nthat require toolstack actions."
+ }
+ ]
+ }
+ }
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "unknown"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://xenbits.xenproject.org/xsa/advisory-413.txt"
+ }
+ ]
+ },
+ "workaround" : {
+ "workaround_data" : {
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "Not exposing to untrusted clients the network interface XAPI is\nlistening on will prevent the issue."
+ }
+ ]
+ }
+ }
+ }
+}
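Review bot: The new `problemtype` entry is left as `"value" : "unknown"` even though the `description` in the same record states the weakness plainly: an unauthenticated network client can drive XAPI to its file-descriptor limit. Consumers that triage or filter records by weakness class will not match this entry; a resource-exhaustion class such as `"value" : "CWE-400 Uncontrolled Resource Consumption"` (or CWE-770, if the maintainers judge the missing limit to be the root cause) would fit what the description says. Likewise `"version_affected" : "?"` defers to the advisory while the `configuration` text says all versions of XAPI are vulnerable, so automated version matching has nothing to key on. The record looks generated from the xsa.git source data named in the commit message, so the correction probably belongs there rather than in this JSON file.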