CVE-2020-29487
https://notcve.org/view.php?id=CVE-2020-29487
An issue was discovered in Xen XAPI before 2020-12-15. Certain xenstore keys provide feedback from the guest, and are therefore watched by toolstack. Specifically, keys are watched by xenopsd, and data are forwarded via RPC through message-switch to xapi. The watching logic in xenopsd sends one RPC update containing all data, any time any single xenstore key is updated, and therefore has O(N^2) time complexity. Furthermore, message-switch retains recent (currently 128) RPC messages for diagnostic purposes, yielding O(M*N) space complexity.

• https://security.gentoo.org/glsa/202107-30
• https://xenbits.xenproject.org/xsa/advisory-354.html
• CWE-770: Allocation of Resources Without Limits or Throttling
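
The cost growth described above, as an added model that is not code from XAPI, xenopsd or message-switch: it counts the key/value pairs serialized when every update forwards a full snapshot versus only the changed key, and the pairs held by a 128-message diagnostic ring. Reading N as the number of watched keys and M as the retained message count is an assumption, as are all names in the code; the delta mode is a comparison baseline, not the project's fix.

```python
from collections import deque

RETAINED = 128  # retained RPC message count quoted in the CVE text


def simulate(num_keys, snapshot_per_update=True, retained=RETAINED):
    """Model one guest writing num_keys distinct watched keys, one at a time.

    Returns (pairs_sent, peak_pairs_retained), where a "pair" is one
    key/value entry serialized into a forwarded message.
    """
    store = {}                     # watched subtree as the watcher sees it
    ring = deque(maxlen=retained)  # diagnostic ring of recent messages
    sent = peak = 0
    for i in range(num_keys):
        key = f"data/k{i}"         # constructed key names, not real xenstore paths
        store[key] = "v"
        if snapshot_per_update:
            msg = tuple(store.items())   # whole subtree on every single update
        else:
            msg = ((key, store[key]),)   # only the key that changed
        ring.append(msg)                 # deque drops the oldest message when full
        sent += len(msg)
        peak = max(peak, sum(len(m) for m in ring))
    return sent, peak


def report(sizes=(250, 500, 1000, 2000)):
    """Run both modes per size so the two growth curves sit side by side."""
    return [(n, simulate(n, True), simulate(n, False)) for n in sizes]


if __name__ == "__main__":
    print(f"{'keys':>6} {'snap sent':>10} {'snap held':>10} "
          f"{'delta sent':>10} {'delta held':>10}")
    for n, (s_sent, s_held), (d_sent, d_held) in report():
        print(f"{n:>6} {s_sent:>10} {s_held:>10} {d_sent:>10} {d_held:>10}")
```

Doubling the key count roughly quadruples the snapshot-mode total, while the delta-mode total only doubles and its retained size stays capped at the ring length.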