How severe is CVE-2019-19582?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2019-19582?

This is classified as CWE-835, which is a common weakness in software security.

CVE-2019-19582 - MEDIUM Severity | CVSS 6.5

Vulnerability Description

An issue was discovered in Xen through 4.12.x allowing x86 guest OS users to cause a denial of service (infinite loop) because certain bit iteration is mishandled. In a number of places bitmaps are being used by the hypervisor to track certain state. Iteration over all bits involves functions which may misbehave in certain corner cases: On x86 accesses to bitmaps with a compile time known size of 64 may incur undefined behavior, which may in particular result in infinite loops. A malicious guest may cause a hypervisor crash or hang, resulting in a Denial of Service (DoS). All versions of Xen are vulnerable. x86 systems with 64 or more nodes are vulnerable (there might not be any such systems that Xen would run on). x86 systems with less than 64 nodes are not vulnerable.

Related Vulnerabilities

CVE-2010-1282

MEDIUM

CVSS:6.5(Medium)

Adobe Shockwave Player before 11.5.7.609 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted ATOM size in a .dir (aka Director) file.

CWE-8352010

CVE-2014-8561

MEDIUM

CVSS:6.5(Medium)

imagemagick 6.8.9.6 has remote DOS via infinite loop

CWE-8352014

CVE-2015-5239

MEDIUM

CVSS:6.5(Medium)

Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attachers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop.

CWE-8352015

CVE-2015-5278

MEDIUM

CVSS:6.5(Medium)

The ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows attackers to cause a denial of service (infinite loop and instance crash) or possibly execute arbitrary code via vectors re...

CWE-8352015

CVE-2015-5694

MEDIUM

CVSS:6.5(Medium)

Designate does not enforce the DNS protocol limit concerning record set sizes

CWE-8352015

CVE-2015-7850

MEDIUM

CVSS:6.5(Medium)

ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (infinite loop or crash) by pointing the key file at the log file.

CWE-8352015