Buffer Overflow Vulnerability in Firecracker Vsock Implementation by Amazon
CVE-2019-18960
9.8 CRITICAL
What is CVE-2019-18960?
Firecracker versions 0.18.0 and 0.19.0 contain a vulnerability in the microVM's vsock implementation. Specifically, a buffer overflow can occur, which may lead to application crashes. An attacker could exploit this flaw to cause instability in the system, which underlines the importance of keeping software versions up to date. Users are encouraged to upgrade to the fixed versions.
CVSS V3.1
Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved