Lucene search

K

[email protected]NVD:CVE-2013-2072

HistoryAug 28, 2013 - 9:55 p.m.

CVE-2013-2072

2013-08-2821:55:08

CWE-119

[email protected]

web.nvd.nist.gov

7.4 High

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:M/Au:S/C:C/I:C/A:C

6.7 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.9%

Buffer overflow in the Python bindings for the xc_vcpu_setaffinity call in Xen 4.0.x, 4.1.x, and 4.2.x allows local administrators with permissions to configure VCPU affinity to cause a denial of service (memory corruption and xend toolstack crash) and possibly gain privileges via a crafted cpumap.

Affected configurations

NVD

Node

xenxenMatch4.1.0

OR

xenxenMatch4.1.1

OR

xenxenMatch4.1.2

OR

xenxenMatch4.1.3

OR

xenxenMatch4.1.4

OR

xenxenMatch4.1.5

Node

xenxenMatch4.2.0

OR

xenxenMatch4.2.1

OR

xenxenMatch4.2.2

Node

debiandebian_linuxMatch7.0

Node

xenxenMatch4.0.0

OR

xenxenMatch4.0.1

OR

xenxenMatch4.0.2

OR

xenxenMatch4.0.3

OR

xenxenMatch4.0.4

References

lists.fedoraproject.org/pipermail/package-announce/2013-May/106718.html

lists.fedoraproject.org/pipermail/package-announce/2013-May/106721.html

lists.fedoraproject.org/pipermail/package-announce/2013-May/106778.html

lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html

www.debian.org/security/2014/dsa-3041

www.openwall.com/lists/oss-security/2013/05/17/2

www.securityfocus.com/bid/59982

7.4 High

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:M/Au:S/C:C/I:C/A:C

6.7 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.9%

Related for NVD:CVE-2013-2072

nessus11 debiancve1 ubuntucve1 fedora21 prion1 cvelist1 xen1 cve1 openvas44 debian1 securityvulns2 osv1 mageia1 suse2