The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:2294 advisory.

    The libvirt library contains a C API for managing and interacting with the virtualization capabilities of     Linux and other operating systems. In addition, libvirt provides tools for remote management of     virtualized systems.

    Security Fix(es):

    * libvirt: NULL pointer dereference after running qemuAgentCommand in qemuAgentGetInterfaces function     (CVE-2019-3840)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Detections

Analytics

RHEL 7 : libvirt (RHSA-2019:2294)

medium Nessus Plugin ID 127708

Version 1.10

Version 1.9

Version 1.8

Version 1.7

Version 1.6

Version 1.10 Feb 24, 2025, 3:01 PM CVSS metrics ("CVSSv3 score" set to 6.3) CVSS metrics ("CVSSv3 vector" set to "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H") CVSSv3 score source (changed from "manual" to none) CVSSv3 severity (based on None, severity decreased from "High" to "Medium") Plugin Feed: 202502241501
Version 1.9 Feb 18, 2025, 11:54 PM Plugin metadata (CVSS 3 Change AC:H --> AC:L where needed) Plugin Feed: 202502182354
Version 1.8 Nov 7, 2024, 2:42 AM CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 severity (based on None, severity decreased from "High" to "Low") Plugin metadata Plugin Feed: 202411070242
Version 1.7 May 6, 2024, 8:57 AM Exploit attributes ("Exploit available" set to "True") Exploit attributes ("Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202405060857
Version 1.6 Apr 28, 2024, 3:17 AM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C") CVSSv2 score source (set to "CVE-2019-3840") Detection (updated detection logic) Plugin metadata Reference Plugin Feed: 202404280317