How severe is CVE-2019-19581?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2019-19581?

This is classified as CWE-119, which is a common weakness in software security.

CVE-2019-19581 - MEDIUM Severity | CVSS 6.5

Vulnerability Description

An issue was discovered in Xen through 4.12.x allowing 32-bit Arm guest OS users to cause a denial of service (out-of-bounds access) because certain bit iteration is mishandled. In a number of places bitmaps are being used by the hypervisor to track certain state. Iteration over all bits involves functions which may misbehave in certain corner cases: On 32-bit Arm accesses to bitmaps with bit a count which is a multiple of 32, an out of bounds access may occur. A malicious guest may cause a hypervisor crash or hang, resulting in a Denial of Service (DoS). All versions of Xen are vulnerable. 32-bit Arm systems are vulnerable. 64-bit Arm systems are not vulnerable.

Related Vulnerabilities

CVE-2010-0109

MEDIUM

CVSS:6.5(Medium)

DBManager in Symantec Altiris Deployment Solution 6.9.x before DS 6.9 SP4 allows remote attackers to cause a denial of service via a crafted request.

CWE-1192010

CVE-2014-7221

MEDIUM

CVSS:6.5(Medium)

TeamSpeak Client 3.0.14 and earlier allows remote authenticated users to cause a denial of service (buffer overflow and application crash) by connecting to a channel with a different client instance, ...

CWE-1192014

CVE-2014-9092

MEDIUM

CVSS:6.5(Medium)

libjpeg-turbo before 1.3.1 allows remote attackers to cause a denial of service (crash) via a crafted JPEG file, related to the Exif marker.

CWE-1192014

CVE-2014-9655

MEDIUM

CVSS:6.5(Medium)

The (1) putcontig8bitYCbCr21tile function in tif_getimage.c or (2) NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a...

CWE-1192014

CVE-2015-1547

MEDIUM

CVSS:6.5(Medium)

The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff5.tif.

CWE-1192015

CVE-2015-4407

MEDIUM

CVSS:6.5(Medium)

Buffer overflow on Hikvision NVR DS-76xxNI-E1/2 and DS-77xxxNI-E4 devices before 3.4.0 allows remote authenticated users to cause a denial of service (service interruption) via a crafted HTTP request,...

CWE-1192015