{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2023-34323","assignerOrgId":"23aa2041-22e1-471f-9209-9b7396fa234f","state":"PUBLISHED","assignerShortName":"XEN","dateReserved":"2023-06-01T10:44:17.065Z","datePublished":"2024-01-05T16:30:32.305Z","dateUpdated":"2025-11-04T19:16:36.587Z"},"containers":{"cna":{"title":"xenstored: A transaction conflict can crash C Xenstored","datePublic":"2023-10-10T11:26:00.000Z","descriptions":[{"lang":"en","value":"When a transaction is committed, C Xenstored will first check\nthe quota is correct before attempting to commit any nodes.  It would\nbe possible that accounting is temporarily negative if a node has\nbeen removed outside of the transaction.\n\nUnfortunately, some versions of C Xenstored are assuming that the\nquota cannot be negative and are using assert() to confirm it.  This\nwill lead to C Xenstored crash when tools are built without -DNDEBUG\n(this is the default).\n"}],"impacts":[{"descriptions":[{"lang":"en","value":"A malicious guest could craft a transaction that will hit the C\nXenstored bug and crash it.  This will result to the inability to\nperform any further domain administration like starting new guests,\nor adding/removing resources to or from any existing guest.\n"}]}],"affected":[{"defaultStatus":"unknown","product":"Xen","vendor":"Xen","versions":[{"status":"unknown","version":"consult Xen advisory XSA-440"}]}],"configurations":[{"lang":"en","value":"All versions of Xen up to and including 4.17 are vulnerable if XSA-326\nwas ingested.\n\nAll Xen systems using C Xenstored are vulnerable.  C Xenstored built\nusing -DNDEBUG (can be specified via EXTRA_CFLAGS_XEN_TOOLS=-DNDEBUG)\nare not vulnerable.  Systems using the OCaml variant of Xenstored are\nnot vulnerable.\n"}],"workarounds":[{"lang":"en","value":"The problem can be avoided by using OCaml Xenstored variant.\n"}],"credits":[{"lang":"en","type":"finder","value":"This issue was discovered by Stanislav Uschakow and Julien Grall, all\nfrom Amazon.\n"}],"references":[{"url":"https://xenbits.xenproject.org/xsa/advisory-440.html"}],"providerMetadata":{"orgId":"23aa2041-22e1-471f-9209-9b7396fa234f","shortName":"XEN","dateUpdated":"2024-01-05T16:30:32.305Z"}},"adp":[{"title":"CVE Program Container","references":[{"url":"https://xenbits.xenproject.org/xsa/advisory-440.html","tags":["x_transferred"]},{"url":"http://xenbits.xen.org/xsa/advisory-440.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-04T19:16:36.587Z"}},{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-476","lang":"en","description":"CWE-476 NULL Pointer Dereference"}]}],"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":5.5,"attackVector":"LOCAL","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","integrityImpact":"NONE","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"LOW","confidentialityImpact":"NONE"}},{"other":{"type":"ssvc","content":{"timestamp":"2024-01-09T16:40:56.610734Z","id":"CVE-2023-34323","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-06-18T15:46:24.091Z"}}]}}