Lucene search

[email protected]NVD:CVE-2013-0170

HistoryFeb 08, 2013 - 8:55 p.m.

CVE-2013-0170

2013-02-0820:55:01

CWE-416

[email protected]

web.nvd.nist.gov

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

8.3

Confidence

High

EPSS

0.018

Percentile

88.3%

JSON

Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering certain errors during an RPC connection, which causes a message to be freed without being removed from the message queue.

Affected configurations

Nvd

Node

redhatlibvirtRange0.9.6–0.9.6.4

redhatlibvirtRange0.9.11–0.9.11.9

redhatlibvirtRange0.10.2–0.10.2.3

redhatlibvirtRange1.0.0–1.0.2

Node

opensuseopensuseMatch12.1

opensuseopensuseMatch12.2

suselinux_enterprise_desktopMatch11sp2

suselinux_enterprise_serverMatch11sp2-

suselinux_enterprise_software_development_kitMatch11sp2

Node

fedoraprojectfedoraMatch16

fedoraprojectfedoraMatch17

fedoraprojectfedoraMatch18

Node

redhatenterprise_linux_desktopMatch6.0

redhatenterprise_linux_eusMatch6.3

redhatenterprise_linux_serverMatch6.0

redhatenterprise_linux_workstationMatch6.0

Node

canonicalubuntu_linuxMatch12.04esm

canonicalubuntu_linuxMatch12.10

VendorProductVersionCPE
redhatlibvirt*cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*
opensuseopensuse12.1cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*
opensuseopensuse12.2cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*
suselinux_enterprise_desktop11cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*
suselinux_enterprise_server11cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:-:*:*
suselinux_enterprise_software_development_kit11cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp2:*:*:*:*:*:*
fedoraprojectfedora16cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*
fedoraprojectfedora17cpe:2.3:o:fedoraproject:fedora:17:*:*:*:*:*:*:*
fedoraprojectfedora18cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:*
redhatenterprise_linux_desktop6.0cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
redhat	libvirt	*	cpe:2.3:a:redhat:libvirt::::::::
opensuse	opensuse	12.1	cpe:2.3:o:opensuse:opensuse:12.1:::::::*
opensuse	opensuse	12.2	cpe:2.3:o:opensuse:opensuse:12.2:::::::*
suse	linux_enterprise_desktop	11	cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2::::::
suse	linux_enterprise_server	11	cpe:2.3:o:suse:linux_enterprise_server:11:sp2::::-::*
suse	linux_enterprise_software_development_kit	11	cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp2::::::
fedoraproject	fedora	16	cpe:2.3:o:fedoraproject:fedora:16:::::::*
fedoraproject	fedora	17	cpe:2.3:o:fedoraproject:fedora:17:::::::*
fedoraproject	fedora	18	cpe:2.3:o:fedoraproject:fedora:18:::::::*
redhat	enterprise_linux_desktop	6.0	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*