Use of Uninitialized Resource in virt-devel:rhel/libiscsi-utils | CVE-2019-9824

Q: How to fix?

Upgrade AlmaLinux:8 virt-devel:rhel/libiscsi-utils to version 0:1.18.0-8.module_el8.3.0+2048+e7a0a3ea or higher. This issue was patched in ALSA-2019:3345 .

Threat Intelligence

0.08% (36^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk IDSNYK-ALMALINUX8-VIRTDEVEL-5656937
published28 May 2023
disclosed5 Nov 2019

Report a new vulnerability Found a mistake?

Introduced: 5 Nov 2019

CVE-2019-9824 (opens in a new tab) CWE-908 (opens in a new tab)

How to fix?

Upgrade AlmaLinux:8 virt-devel:rhel/libiscsi-utils to version 0:1.18.0-8.module_el8.3.0+2048+e7a0a3ea or higher.
This issue was patched in ALSA-2019:3345.

NVD Description

Note: Versions mentioned in the description apply only to the upstream virt-devel:rhel/libiscsi-utils package and not the virt-devel:rhel/libiscsi-utils package as distributed by AlmaLinux. See How to fix? for AlmaLinux:8 relevant fixed versions and status.

tcp_emu in slirp/tcp_subr.c (aka slirp/src/tcp_subr.c) in QEMU 3.0.0 uses uninitialized data in an snprintf call, leading to Information disclosure.

Use of Uninitialized Resource Affecting virt-devel:rhel/libiscsi-utils package, versions <0:1.18.0-8.module_el8.3.0+2048+e7a0a3ea

Severity

Threat Intelligence

Do your applications use this vulnerable package?

Introduced: 5 Nov 2019

How to fix?

NVD Description

References