CVE-2022-33749 - Vulnerability Details - OpenCVE

XAPI open file limit DoS It is possible for an unauthenticated client on the network to cause XAPI to hit its file-descriptor limit. This causes XAPI to be unable to accept new requests for other (trusted) clients, and blocks XAPI from carrying out any tasks that require the opening of file descriptors.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Xen	Xapi

Configuration 1 [-]

cpe:2.3:o:xen:xapi:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.openwall.com/lists/oss-security/2022/10/11/4
http://xenbits.xen.org/xsa/advisory-413.html
https://security.gentoo.org/glsa/202402-07
https://xenbits.xenproject.org/xsa/advisory-413.txt

History

No history.

MITRE

Status: PUBLISHED

Assigner: XEN

Published: 2022-10-11T00:00:00

Updated: 2024-08-03T08:09:22.664Z

Reserved: 2022-06-15T00:00:00

Link: CVE-2022-33749

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-10-11T13:15:10.193

Modified: 2024-11-21T07:08:27.957

Link: CVE-2022-33749

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-33749", "assignerOrgId": "23aa2041-22e1-471f-9209-9b7396fa234f", "assignerShortName": "XEN", "dateUpdated": "2024-08-03T08:09:22.664Z", "dateReserved": "2022-06-15T00:00:00", "datePublished": "2022-10-11T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "23aa2041-22e1-471f-9209-9b7396fa234f", "shortName": "XEN", "dateUpdated": "2024-02-04T08:07:28.154896"}, "descriptions": [{"lang": "en", "value": "XAPI open file limit DoS It is possible for an unauthenticated client on the network to cause XAPI to hit its file-descriptor limit. This causes XAPI to be unable to accept new requests for other (trusted) clients, and blocks XAPI from carrying out any tasks that require the opening of file descriptors."}], "affected": [{"vendor": "Xapi", "product": "Xapi", "versions": [{"version": "consult Xen advisory XSA-413", "status": "unknown"}]}], "references": [{"url": "https://xenbits.xenproject.org/xsa/advisory-413.txt"}, {"url": "http://xenbits.xen.org/xsa/advisory-413.html"}, {"name": "[oss-security] 20221011 Xen Security Advisory 413 v2 (CVE-2022-33749) - XAPI open file limit DoS", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2022/10/11/4"}, {"name": "GLSA-202402-07", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/202402-07"}], "metrics": [{"other": {"type": "unknown", "content": {"description": {"description_data": [{"lang": "eng", "value": "An attacker is capable of blocking connections to the XAPI HTTP\ninterface, and also interrupt ongoing operations, causing a XAPI\ntoolstack Denial of Service. Such DoS would also affect any guests\nthat require toolstack actions."}]}}}}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "unknown"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T08:09:22.664Z"}, "title": "CVE Program Container", "references": [{"url": "https://xenbits.xenproject.org/xsa/advisory-413.txt", "tags": ["x_transferred"]}, {"url": "http://xenbits.xen.org/xsa/advisory-413.html", "tags": ["x_transferred"]}, {"name": "[oss-security] 20221011 Xen Security Advisory 413 v2 (CVE-2022-33749) - XAPI open file limit DoS", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2022/10/11/4"}, {"name": "GLSA-202402-07", "tags": ["vendor-advisory", "x_transferred"], "url": "https://security.gentoo.org/glsa/202402-07"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:xen:xapi:*:*:*:*:*:*:*:*", "matchCriteriaId": "CC5FE9BB-705E-4705-BF39-B671ECD8AAD0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "XAPI open file limit DoS It is possible for an unauthenticated client on the network to cause XAPI to hit its file-descriptor limit. This causes XAPI to be unable to accept new requests for other (trusted) clients, and blocks XAPI from carrying out any tasks that require the opening of file descriptors."}, {"lang": "es", "value": "Es posible que un cliente no autenticado en la red cause que XAPI alcance su l\u00edmite de descriptores de archivo. Esto causa que XAPI no pueda aceptar nuevas peticiones de otros clientes (confiables), y bloquea a XAPI de llevar a cabo cualquier tarea que requiera la apertura de descriptores de archivo"}], "id": "CVE-2022-33749", "lastModified": "2024-11-21T07:08:27.957", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-10-11T13:15:10.193", "references": [{"source": "security@xen.org", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/10/11/4"}, {"source": "security@xen.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://xenbits.xen.org/xsa/advisory-413.html"}, {"source": "security@xen.org", "url": "https://security.gentoo.org/glsa/202402-07"}, {"source": "security@xen.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://xenbits.xenproject.org/xsa/advisory-413.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/10/11/4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://xenbits.xen.org/xsa/advisory-413.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/202402-07"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://xenbits.xenproject.org/xsa/advisory-413.txt"}], "sourceIdentifier": "security@xen.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-770"}], "source": "nvd@nist.gov", "type": "Primary"}]}