Lucene search
RedhatCVE-2013-6457HistoryJan 24, 2014 - 6:55 p.m.
CVE-2013-6457
2014-01-2418:55:04
CWE-264
redhat
web.nvd.nist.gov
51
cve-2013-6457
libxldomaingetnumaparameters
libvirt
denial of service
execute arbitrary code
nvd
CVSS2
5.2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:A/AC:L/Au:S/C:P/I:P/A:P
AI Score
8.7
Confidence
High
EPSS
0
Percentile
5.1%
The libxlDomainGetNumaParameters function in the libxl driver (libxl/libxl_driver.c) in libvirt before 1.2.1 does not properly initialize the nodemap, which allows local users to cause a denial of service (invalid free operation and crash) or possibly execute arbitrary code via an inactive domain to the virsh numatune command.
Affected configurations
Node
redhatlibvirtRange≤1.2.0
ORredhatlibvirtMatch0.0.1
ORredhatlibvirtMatch0.0.2
ORredhatlibvirtMatch0.0.3
ORredhatlibvirtMatch0.0.4
ORredhatlibvirtMatch0.0.5
ORredhatlibvirtMatch0.0.6
ORredhatlibvirtMatch0.1.0
ORredhatlibvirtMatch0.1.1
ORredhatlibvirtMatch0.1.3
ORredhatlibvirtMatch0.1.4
ORredhatlibvirtMatch0.1.5
ORredhatlibvirtMatch0.1.6
ORredhatlibvirtMatch0.1.7
ORredhatlibvirtMatch0.1.8
ORredhatlibvirtMatch0.1.9
ORredhatlibvirtMatch0.2.0
ORredhatlibvirtMatch0.2.1
ORredhatlibvirtMatch0.2.2
ORredhatlibvirtMatch0.2.3
ORredhatlibvirtMatch0.3.0
ORredhatlibvirtMatch0.3.1
ORredhatlibvirtMatch0.3.2
ORredhatlibvirtMatch0.3.3
ORredhatlibvirtMatch0.4.0
ORredhatlibvirtMatch0.4.1
ORredhatlibvirtMatch0.4.2
ORredhatlibvirtMatch0.4.3
ORredhatlibvirtMatch0.4.4
ORredhatlibvirtMatch0.4.5
ORredhatlibvirtMatch0.4.6
ORredhatlibvirtMatch0.5.0
ORredhatlibvirtMatch0.5.1
ORredhatlibvirtMatch0.6.0
ORredhatlibvirtMatch0.6.1
ORredhatlibvirtMatch0.6.2
ORredhatlibvirtMatch0.6.3
ORredhatlibvirtMatch0.6.4
ORredhatlibvirtMatch0.6.5
ORredhatlibvirtMatch0.7.0
ORredhatlibvirtMatch0.7.1
ORredhatlibvirtMatch0.7.2
ORredhatlibvirtMatch0.7.3
ORredhatlibvirtMatch0.7.4
ORredhatlibvirtMatch0.7.5
ORredhatlibvirtMatch0.7.6
ORredhatlibvirtMatch0.7.7
ORredhatlibvirtMatch0.8.0
ORredhatlibvirtMatch0.8.1
ORredhatlibvirtMatch0.8.2
ORredhatlibvirtMatch0.8.3
ORredhatlibvirtMatch0.8.4
ORredhatlibvirtMatch0.8.5
ORredhatlibvirtMatch0.8.6
ORredhatlibvirtMatch0.8.7
ORredhatlibvirtMatch0.8.8
ORredhatlibvirtMatch0.9.0
ORredhatlibvirtMatch0.9.1
ORredhatlibvirtMatch0.9.2
ORredhatlibvirtMatch0.9.3
ORredhatlibvirtMatch0.9.4
ORredhatlibvirtMatch0.9.5
ORredhatlibvirtMatch0.9.6
ORredhatlibvirtMatch0.9.6.1
ORredhatlibvirtMatch0.9.6.2
ORredhatlibvirtMatch0.9.6.3
ORredhatlibvirtMatch0.9.7
ORredhatlibvirtMatch0.9.8
ORredhatlibvirtMatch0.9.9
ORredhatlibvirtMatch0.9.10
ORredhatlibvirtMatch0.9.11
ORredhatlibvirtMatch0.9.11.1
ORredhatlibvirtMatch0.9.11.2
ORredhatlibvirtMatch0.9.11.3
ORredhatlibvirtMatch0.9.11.4
ORredhatlibvirtMatch0.9.11.5
ORredhatlibvirtMatch0.9.11.6
ORredhatlibvirtMatch0.9.11.7
ORredhatlibvirtMatch0.9.11.8
ORredhatlibvirtMatch0.9.12
ORredhatlibvirtMatch0.9.13
ORredhatlibvirtMatch0.10.0
ORredhatlibvirtMatch0.10.1
ORredhatlibvirtMatch0.10.2
ORredhatlibvirtMatch0.10.2.1
ORredhatlibvirtMatch0.10.2.2
ORredhatlibvirtMatch0.10.2.3
ORredhatlibvirtMatch0.10.2.4
ORredhatlibvirtMatch0.10.2.5
ORredhatlibvirtMatch0.10.2.6
ORredhatlibvirtMatch0.10.2.7
ORredhatlibvirtMatch0.10.2.8
ORredhatlibvirtMatch1.0.0
ORredhatlibvirtMatch1.0.1
ORredhatlibvirtMatch1.0.2
ORredhatlibvirtMatch1.0.3
ORredhatlibvirtMatch1.0.4
ORredhatlibvirtMatch1.0.5
ORredhatlibvirtMatch1.0.5.1
ORredhatlibvirtMatch1.0.5.2
ORredhatlibvirtMatch1.0.5.3
ORredhatlibvirtMatch1.0.5.4
ORredhatlibvirtMatch1.0.5.5
ORredhatlibvirtMatch1.0.5.6
ORredhatlibvirtMatch1.0.6
ORredhatlibvirtMatch1.1.0
ORredhatlibvirtMatch1.1.1
ORredhatlibvirtMatch1.1.2
ORredhatlibvirtMatch1.1.3
ORredhatlibvirtMatch1.1.4
| Vendor | Product | Version | CPE |
|---|---|---|---|
| redhat | libvirt | * | cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:* |
| redhat | libvirt | 0.0.1 | cpe:2.3:a:redhat:libvirt:0.0.1:*:*:*:*:*:*:* |
| redhat | libvirt | 0.0.2 | cpe:2.3:a:redhat:libvirt:0.0.2:*:*:*:*:*:*:* |
| redhat | libvirt | 0.0.3 | cpe:2.3:a:redhat:libvirt:0.0.3:*:*:*:*:*:*:* |
| redhat | libvirt | 0.0.4 | cpe:2.3:a:redhat:libvirt:0.0.4:*:*:*:*:*:*:* |
| redhat | libvirt | 0.0.5 | cpe:2.3:a:redhat:libvirt:0.0.5:*:*:*:*:*:*:* |
| redhat | libvirt | 0.0.6 | cpe:2.3:a:redhat:libvirt:0.0.6:*:*:*:*:*:*:* |
| redhat | libvirt | 0.1.0 | cpe:2.3:a:redhat:libvirt:0.1.0:*:*:*:*:*:*:* |
| redhat | libvirt | 0.1.1 | cpe:2.3:a:redhat:libvirt:0.1.1:*:*:*:*:*:*:* |
| redhat | libvirt | 0.1.3 | cpe:2.3:a:redhat:libvirt:0.1.3:*:*:*:*:*:*:* |
References
libvirt.org/news.html
lists.opensuse.org/opensuse-updates/2014-02/msg00060.html
secunia.com/advisories/60895
security.gentoo.org/glsa/glsa-201412-04.xml
www.ubuntu.com/usn/USN-2093-1
bugzilla.redhat.com/show_bug.cgi?id=1048629
www.redhat.com/archives/libvir-list/2013-December/msg01176.html
www.redhat.com/archives/libvir-list/2013-December/msg01258.html
Related
cvelist
cvelist
CVE-2013-6457
2014-01-24 18:00:00
debiancve
debiancve
CVE-2013-6457
2014-01-24 18:55:04
veracode
veracode
Denial Of Service (DoS)
2018-08-14 10:17:03
nvd
nvd
CVE-2013-6457
2014-01-24 18:55:04
prion
prion
Command injection
2014-01-24 18:55:00
ubuntucve
ubuntucve
CVE-2013-6457
2014-01-24 00:00:00
nessus
nessus
openSUSE Security Update : libvirt (openSUSE-SU-2014:0268-1)
2014-06-13 00:00:00
Ubuntu 12.04 LTS / 12.10 / 13.10 : libvirt vulnerabilities (USN-2093-1)
2014-01-31 00:00:00
GLSA-201412-04 : libvirt: Multiple vulnerabilities
2014-12-09 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-2093-1)
2014-02-03 00:00:00
Ubuntu Update for libvirt USN-2093-1
2014-02-03 00:00:00
Gentoo Security Advisory GLSA 201412-04
2015-09-29 00:00:00
ubuntu
ubuntu
libvirt vulnerabilities
2014-01-30 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package libvirt version 1.2.2-alt1
2014-03-05 00:00:00
f5
f5
SOL16117 - Multiple libvirt vulnerabilities
2015-02-12 00:00:00
K16117 : Multiple libvirt vulnerabilities
2015-02-12 00:00:00
gentoo
gentoo
libvirt: Multiple vulnerabilities
2014-12-08 00:00:00
osv
osv
libvirt-2.5.0-1.1 on GA media
2024-06-15 00:00:00
CVE-2019-3840
2019-03-27 13:29:01
CVE-2021-3975
2022-08-23 20:15:08
CVSS2
5.2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:A/AC:L/Au:S/C:P/I:P/A:P
AI Score
8.7
Confidence
High
EPSS
0
Percentile
5.1%
Related for CVE-2013-6457