
CVSS: 5.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

XAPI open file limit DoS

It is possible for an unauthenticated client on the network to cause XAPI to hit its file-descriptor limit. This causes XAPI to be unable to accept new requests for other (trusted) clients, and blocks XAPI from carrying out any tasks that require the opening of file descriptors.

• http://www.openwall.com/lists/oss-security/2022/10/11/4
• http://xenbits.xen.org/xsa/advisory-413.html
• https://security.gentoo.org/glsa/202402-07
• https://xenbits.xenproject.org/xsa/advisory-413.txt

• CWE-770: Allocation of Resources Without Limits or Throttling

CVSS: 7.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

An issue was discovered in Xen XAPI before 2020-12-15. Certain xenstore keys provide feedback from the guest, and are therefore watched by toolstack. Specifically, keys are watched by xenopsd, and data are forwarded via RPC through message-switch to xapi. The watching logic in xenopsd sends one RPC update containing all data, any time any single xenstore key is updated, and therefore has O(N^2) time complexity. Furthermore, message-switch retains recent (currently 128) RPC messages for diagnostic purposes, yielding O(M*N) space complexity.

• https://security.gentoo.org/glsa/202107-30
• https://xenbits.xenproject.org/xsa/advisory-354.html

• CWE-770: Allocation of Resources Without Limits or Throttling