Firecracker vsock implementation buffer overflow in versions 0.18.0 and 0.19.0. This can result in potentially exploitable crashes.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2019/12/10/1 | Mailing List Third Party Advisory |
http://www.openwall.com/lists/oss-security/2022/09/11/2 | Mailing List Third Party Advisory |
https://github.com/firecracker-microvm/firecracker/issues/1462 | Third Party Advisory |
https://github.com/firecracker-microvm/firecracker/releases | Release Notes Third Party Advisory |
https://github.com/firecracker-microvm/firecracker/releases/tag/v0.18.1 | Release Notes Third Party Advisory |
https://github.com/firecracker-microvm/firecracker/releases/tag/v0.19.1 | Release Notes Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
13 Sep 2022, 21:25
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://github.com/firecracker-microvm/firecracker/releases - Release Notes, Third Party Advisory | |
References | (CONFIRM) https://github.com/firecracker-microvm/firecracker/releases/tag/v0.19.1 - Release Notes, Third Party Advisory | |
References | (CONFIRM) https://github.com/firecracker-microvm/firecracker/releases/tag/v0.18.1 - Release Notes, Third Party Advisory | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2022/09/11/2 - Mailing List, Third Party Advisory |
11 Sep 2022, 21:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2019-12-11 13:15
Updated : 2023-12-10 13:13
NVD link : CVE-2019-18960
Mitre link : CVE-2019-18960
CVE.ORG link : CVE-2019-18960
JSON object : View
Products Affected
amazon
- firecracker
CWE
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')