Lucene search
MitreCVE-2013-5651HistorySep 30, 2013 - 9:55 p.m.
CVE-2013-5651
2013-09-3021:55:09
CWE-119
mitre
web.nvd.nist.gov
38
libvirt
cve-2013-5651
denial of service
out-of-bounds read
nvd
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
AI Score
7.8
Confidence
High
EPSS
0.011
Percentile
84.7%
The virBitmapParse function in util/virbitmap.c in libvirt before 1.1.2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a crafted bitmap, as demonstrated by a large nodeset value to numatune.
Affected configurations
Node
redhatlibvirtRange≤1.1.1
ORredhatlibvirtMatch0.0.1
ORredhatlibvirtMatch0.0.2
ORredhatlibvirtMatch0.0.3
ORredhatlibvirtMatch0.0.4
ORredhatlibvirtMatch0.0.5
ORredhatlibvirtMatch0.0.6
ORredhatlibvirtMatch0.1.0
ORredhatlibvirtMatch0.1.1
ORredhatlibvirtMatch0.1.3
ORredhatlibvirtMatch0.1.4
ORredhatlibvirtMatch0.1.5
ORredhatlibvirtMatch0.1.6
ORredhatlibvirtMatch0.1.7
ORredhatlibvirtMatch0.1.8
ORredhatlibvirtMatch0.1.9
ORredhatlibvirtMatch0.2.0
ORredhatlibvirtMatch0.2.1
ORredhatlibvirtMatch0.2.2
ORredhatlibvirtMatch0.2.3
ORredhatlibvirtMatch0.3.0
ORredhatlibvirtMatch0.3.1
ORredhatlibvirtMatch0.3.2
ORredhatlibvirtMatch0.3.3
ORredhatlibvirtMatch0.4.0
ORredhatlibvirtMatch0.4.1
ORredhatlibvirtMatch0.4.2
ORredhatlibvirtMatch0.4.3
ORredhatlibvirtMatch0.4.4
ORredhatlibvirtMatch0.4.5
ORredhatlibvirtMatch0.4.6
ORredhatlibvirtMatch0.5.0
ORredhatlibvirtMatch0.5.1
ORredhatlibvirtMatch0.6.0
ORredhatlibvirtMatch0.6.1
ORredhatlibvirtMatch0.6.2
ORredhatlibvirtMatch0.6.3
ORredhatlibvirtMatch0.6.4
ORredhatlibvirtMatch0.6.5
ORredhatlibvirtMatch0.7.0
ORredhatlibvirtMatch0.7.1
ORredhatlibvirtMatch0.7.2
ORredhatlibvirtMatch0.7.3
ORredhatlibvirtMatch0.7.4
ORredhatlibvirtMatch0.7.5
ORredhatlibvirtMatch0.7.6
ORredhatlibvirtMatch0.7.7
ORredhatlibvirtMatch0.8.0
ORredhatlibvirtMatch0.8.1
ORredhatlibvirtMatch0.8.2
ORredhatlibvirtMatch0.8.3
ORredhatlibvirtMatch0.8.4
ORredhatlibvirtMatch0.8.5
ORredhatlibvirtMatch0.8.6
ORredhatlibvirtMatch0.8.7
ORredhatlibvirtMatch0.8.8
ORredhatlibvirtMatch0.9.0
ORredhatlibvirtMatch0.9.1
ORredhatlibvirtMatch0.9.2
ORredhatlibvirtMatch0.9.3
ORredhatlibvirtMatch0.9.4
ORredhatlibvirtMatch0.9.5
ORredhatlibvirtMatch0.9.6
ORredhatlibvirtMatch0.9.6.1
ORredhatlibvirtMatch0.9.6.2
ORredhatlibvirtMatch0.9.6.3
ORredhatlibvirtMatch0.9.7
ORredhatlibvirtMatch0.9.8
ORredhatlibvirtMatch0.9.9
ORredhatlibvirtMatch0.9.10
ORredhatlibvirtMatch0.9.11
ORredhatlibvirtMatch0.9.11.1
ORredhatlibvirtMatch0.9.11.2
ORredhatlibvirtMatch0.9.11.3
ORredhatlibvirtMatch0.9.11.4
ORredhatlibvirtMatch0.9.11.5
ORredhatlibvirtMatch0.9.11.6
ORredhatlibvirtMatch0.9.11.7
ORredhatlibvirtMatch0.9.11.8
ORredhatlibvirtMatch0.9.12
ORredhatlibvirtMatch0.9.13
ORredhatlibvirtMatch0.10.0
ORredhatlibvirtMatch0.10.1
ORredhatlibvirtMatch0.10.2
ORredhatlibvirtMatch0.10.2.1
ORredhatlibvirtMatch0.10.2.2
ORredhatlibvirtMatch0.10.2.3
ORredhatlibvirtMatch0.10.2.4
ORredhatlibvirtMatch0.10.2.5
ORredhatlibvirtMatch0.10.2.6
ORredhatlibvirtMatch0.10.2.7
ORredhatlibvirtMatch0.10.2.8
ORredhatlibvirtMatch1.0.0
ORredhatlibvirtMatch1.0.1
ORredhatlibvirtMatch1.0.2
ORredhatlibvirtMatch1.0.3
ORredhatlibvirtMatch1.0.4
ORredhatlibvirtMatch1.0.5
ORredhatlibvirtMatch1.0.5.1
ORredhatlibvirtMatch1.0.5.2
ORredhatlibvirtMatch1.0.5.3
ORredhatlibvirtMatch1.0.5.4
ORredhatlibvirtMatch1.0.5.5
ORredhatlibvirtMatch1.0.5.6
ORredhatlibvirtMatch1.0.6
ORredhatlibvirtMatch1.1.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| redhat | libvirt | 0.0.1 | cpe:/a:redhat:libvirt:0.0.1::: |
| redhat | libvirt | 0.7.7 | cpe:/a:redhat:libvirt:0.7.7::: |
| redhat | libvirt | 0.9.11.8 | cpe:/a:redhat:libvirt:0.9.11.8::: |
| redhat | libvirt | 0.1.1 | cpe:/a:redhat:libvirt:0.1.1::: |
| redhat | libvirt | 0.1.7 | cpe:/a:redhat:libvirt:0.1.7::: |
| redhat | libvirt | 0.2.3 | cpe:/a:redhat:libvirt:0.2.3::: |
| redhat | libvirt | 0.3.3 | cpe:/a:redhat:libvirt:0.3.3::: |
| redhat | libvirt | 0.9.11.2 | cpe:/a:redhat:libvirt:0.9.11.2::: |
| redhat | libvirt | 0.10.2.2 | cpe:/a:redhat:libvirt:0.10.2.2::: |
| redhat | libvirt | 0.2.2 | cpe:/a:redhat:libvirt:0.2.2::: |
References
libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=47b9127e883677a0d60d767030a147450e919a25
libvirt.org/news.html
lists.opensuse.org/opensuse-updates/2013-10/msg00024.html
secunia.com/advisories/60895
security.gentoo.org/glsa/glsa-201412-04.xml
www.openwall.com/lists/oss-security/2013/08/30/1
www.ubuntu.com/usn/USN-1954-1
bugzilla.redhat.com/show_bug.cgi?id=997367
Related
debiancve
debiancve
CVE-2013-5651
2013-09-30 21:55:09
prion
prion
Out-of-bounds
2013-09-30 21:55:00
ubuntucve
ubuntucve
CVE-2013-5651
2013-08-30 00:00:00
cvelist
cvelist
CVE-2013-5651
2013-09-30 21:00:00
nvd
nvd
CVE-2013-5651
2013-09-30 21:55:09
openvas
openvas
Ubuntu Update for libvirt USN-1954-1
2013-09-24 00:00:00
Ubuntu: Security Advisory (USN-1954-1)
2013-09-24 00:00:00
Mageia: Security Advisory (MGASA-2013-0294)
2022-01-28 00:00:00
nessus
nessus
Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.04 : libvirt vulnerabilities (USN-1954-1)
2013-09-19 00:00:00
openSUSE Security Update : libvirt (openSUSE-SU-2013:1550-1)
2014-06-13 00:00:00
SuSE 11.3 Security Update : libvirt (SAT Patch Number 8421)
2013-11-09 00:00:00
mageia
mageia
Updated libvirt package fixes security vulnerabilities
2013-10-05 21:55:44
ubuntu
ubuntu
libvirt vulnerabilities
2013-09-18 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package libvirt version 1.1.2-alt1
2013-09-03 00:00:00
fedora
fedora
[SECURITY] Fedora 19 Update: libvirt-1.0.5.6-2.fc19
2013-10-02 06:41:24
[SECURITY] Fedora 19 Update: libvirt-1.0.5.9-1.fc19
2014-01-26 11:54:32
gentoo
gentoo
libvirt: Multiple vulnerabilities
2014-12-08 00:00:00
osv
osv
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
AI Score
7.8
Confidence
High
EPSS
0.011
Percentile
84.7%
Related for CVE-2013-5651