ruby-libguestfs (AlmaLinux:8) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the AlmaLinux:8 package ruby-libguestfs, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (62)
CVE-2024-3446 — CVSS 8.2 (high): A double free vulnerability was found in QEMU virtio devices (virtio-gpu, virtio-serial-bus, virtio-crypto), where the mem_reentrancy_guard…
CVE-2021-3750 — CVSS 8.2 (high): A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its…
CVE-2021-4207 — CVSS 8.2 (high): A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and…
CVE-2021-4206 — CVSS 8.2 (high): A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation…
CVE-2021-33287 — CVSS 7.8 (high): In NTFS-3G versions < 2021.8.22, when specially crafted NTFS attributes are read in the function ntfs_attr_pread_i, a heap buffer overflow…
CVE-2021-33289 — CVSS 7.8 (high): In NTFS-3G versions < 2021.8.22, when a specially crafted MFT section is supplied in an NTFS image a heap buffer overflow can occur and…
CVE-2021-35266 — CVSS 7.8 (high): In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode pathname is supplied in an NTFS image a heap buffer overflow can occur…
CVE-2021-35267 — CVSS 7.8 (high): NTFS-3G versions < 2021.8.22, a stack buffer overflow can occur when correcting differences in the MFT and MFTMirror allowing for code…
CVE-2021-35268 — CVSS 7.8 (high): In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode is loaded in the function ntfs_inode_real_open, a heap buffer overflow…
CVE-2021-35269 — CVSS 7.8 (high): NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute from the MFT is setup in the function ntfs_attr_setup_flag, a heap…
CVE-2022-40284 — CVSS 7.8 (high): A buffer overflow was discovered in NTFS-3G before 2022.10.3. Crafted metadata in an NTFS image can cause code execution. A local attacker…
CVE-2022-30789 — CVSS 7.8 (high): A crafted NTFS image can cause a heap-based buffer overflow in ntfs_check_log_client_array in NTFS-3G through 2021.8.22.
CVE-2022-30788 — CVSS 7.8 (high): A crafted NTFS image can cause a heap-based buffer overflow in ntfs_mft_rec_alloc in NTFS-3G through 2021.8.22.
CVE-2022-30786 — CVSS 7.8 (high): A crafted NTFS image can cause a heap-based buffer overflow in ntfs_names_full_collate in NTFS-3G through 2021.8.22.
CVE-2022-30784 — CVSS 7.8 (high): A crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value in NTFS-3G through 2021.8.22.
CVE-2021-46790 — CVSS 7.8 (high): ntfsck in NTFS-3G through 2021.8.22 has a heap-based buffer overflow involving buffer+512*3-2. NOTE: the upstream position is that ntfsck…
CVE-2024-4467 — CVSS 7.8 (high): A flaw was found in the QEMU disk image utility (qemu-img) 'info' command. A specially crafted image file containing a `json:{}` value…
CVE-2021-39251 — CVSS 7.8 (high): A crafted NTFS image can cause a NULL pointer dereference in ntfs_extent_inode_open in NTFS-3G < 2021.8.22.
CVE-2021-39252 — CVSS 7.8 (high): A crafted NTFS image can cause an out-of-bounds read in ntfs_ie_lookup in NTFS-3G < 2021.8.22.
CVE-2021-39253 — CVSS 7.8 (high): A crafted NTFS image can cause an out-of-bounds read in ntfs_runlists_merge_i in NTFS-3G < 2021.8.22.
CVE-2021-39254 — CVSS 7.8 (high): A crafted NTFS image can cause an integer overflow in memmove, leading to a heap-based buffer overflow in the function…
CVE-2021-39255 — CVSS 7.8 (high): A crafted NTFS image can trigger an out-of-bounds read, caused by an invalid attribute in ntfs_attr_find_in_attrdef, in NTFS-3G < 2021.8.22.
CVE-2021-39256 — CVSS 7.8 (high): A crafted NTFS image can cause a heap-based buffer overflow in ntfs_inode_lookup_by_name in NTFS-3G < 2021.8.22.
CVE-2021-39263 — CVSS 7.8 (high): A crafted NTFS image can trigger a heap-based buffer overflow, caused by an unsanitized attribute in ntfs_get_attribute_value, in NTFS-3G <…
CVE-2021-39258 — CVSS 7.8 (high): A crafted NTFS image can cause out-of-bounds reads in ntfs_attr_find and ntfs_external_attr_find in NTFS-3G < 2021.8.22.
CVE-2021-39259 — CVSS 7.8 (high): A crafted NTFS image can trigger an out-of-bounds access, caused by an unsanitized attribute length in ntfs_inode_lookup_by_name, in…
CVE-2021-39261 — CVSS 7.8 (high): A crafted NTFS image can cause a heap-based buffer overflow in ntfs_compressed_pwrite in NTFS-3G < 2021.8.22.
CVE-2021-39260 — CVSS 7.8 (high): A crafted NTFS image can cause an out-of-bounds access in ntfs_inode_sync_standard_information in NTFS-3G < 2021.8.22.
CVE-2021-39262 — CVSS 7.8 (high): A crafted NTFS image can cause an out-of-bounds access in ntfs_decompress in NTFS-3G < 2021.8.22.
CVE-2021-33285 — CVSS 7.8 (high): In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute is supplied to the function ntfs_get_attribute_value, a heap…
CVE-2021-33286 — CVSS 7.8 (high): In NTFS-3G versions < 2021.8.22, when a specially crafted unicode string is supplied in an NTFS image a heap buffer overflow can occur and…
CVE-2023-3354 — CVSS 7.5 (high): A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of…
CVE-2021-3748 — CVSS 7.5 (high): A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non…
CVE-2022-26353 — CVSS 7.5 (high): A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the fix for CVE-2021-3748, which forgot to…
CVE-2024-7409 — CVSS 7.5 (high): A flaw was found in the QEMU NBD Server. This vulnerability allows a denial of service (DoS) attack via improper synchronization during…
CVE-2025-11234 — CVSS 7.5 (high): A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This…
CVE-2024-7383 — CVSS 7.4 (high): A flaw was found in libnbd. The client did not always correctly verify the NBD server's certificate when using TLS to connect to an NBD…
CVE-2021-4145 — CVSS 6.5 (medium): A NULL pointer dereference issue was found in the block mirror layer of QEMU in versions prior to 6.2.0. The `self` pointer is dereferenced…
CVE-2021-3667 — CVSS 6.5 (medium): An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath…
CVE-2022-3165 — CVSS 6.5 (medium): An integer underflow issue was found in the QEMU VNC server while processing ClientCutText messages in the extended format. A malicious…
CVE-2022-4144 — CVSS 6.5 (medium): An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt() function does not check the size of…
CVE-2021-20257 — CVSS 6.5 (medium): An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in…
CVE-2021-20196 — CVSS 6.5 (medium): A NULL pointer dereference flaw was found in the floppy disk emulator of QEMU. This issue occurs while processing read/write ioport…
CVE-2021-3930 — CVSS 6.5 (medium): An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in…
CVE-2021-3975 — CVSS 6.5 (medium): A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF is called using multiple…
CVE-2021-3631 — CVSS 6.3 (medium): A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one exploited guest to…
CVE-2024-4418 — CVSS 6.2 (medium): A race condition leading to a stack use-after-free flaw was found in libvirt. Due to a bad assumption in the virNetClientIOEventLoop()…
CVE-2021-4158 — CVSS 6.0 (medium): A NULL pointer dereference issue was found in the ACPI code of QEMU. A malicious, privileged user within the guest could use this flaw to…
CVE-2025-49133 — CVSS 5.9 (medium): Libtpms is a library that targets the integration of TPM functionality into hypervisors, primarily into Qemu. Libtpms, which is derived…
CVE-2023-3301 — CVSS 5.6 (medium): A flaw was found in QEMU. The async nature of hot-unplug enables a race scenario where the net device backend is cleared before the…
CVE-2021-39257 — CVSS 5.5 (medium): A crafted NTFS image with an unallocated bitmap can lead to a endless recursive function call chain (starting from ntfs_attr_pwrite)…
CVE-2023-1018 — CVSS 5.5 (medium): An out-of-bounds read vulnerability exists in TPM2.0's Module Library allowing a 2-byte read past the end of a TPM2.0 command in the…
CVE-2023-2700 — CVSS 5.5 (medium): A vulnerability was found in libvirt. This security flaw ouccers due to repeatedly querying an SR-IOV PCI device's capabilities that…
CVE-2022-0485 — CVSS 4.8 (medium): A flaw was found in the copying tool `nbdcopy` of libnbd. When performing multi-threaded copies using asynchronous nbd calls, nbdcopy was…
CVE-2021-3622 — CVSS 4.3 (medium): A flaw was found in the hivex library. This flaw allows an attacker to input a specially crafted Windows Registry (hive) file, which would…
CVE-2021-3593 — CVSS 3.8 (low): An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp6_input()…
CVE-2021-3592 — CVSS 3.8 (low): An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootp_input()…
CVE-2021-3594 — CVSS 3.8 (low): An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp_input()…
CVE-2021-3595 — CVSS 3.8 (low): An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the tftp_input()…
CVE-2020-15859 — CVSS 3.3 (low): QEMU 4.2.0 has a use-after-free in hw/net/e1000e_core.c because a guest OS user can trigger an e1000e packet with the data's address set to…
CVE-2022-26354 — CVSS 3.2 (low): A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing…
CVE-2021-3716 — CVSS 3.1 (low): A flaw was found in nbdkit due to to improperly caching plaintext state across the STARTTLS encryption boundary. A MitM attacker could use…