Lucene search

K

[email protected]NVD:CVE-2013-4296

HistorySep 30, 2013 - 9:55 p.m.

CVE-2013-4296

2013-09-3021:55:09

CWE-119

[email protected]

web.nvd.nist.gov

1

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

AI Score

7.4

Confidence

High

EPSS

0.01

Percentile

83.9%

The remoteDispatchDomainMemoryStats function in daemon/remote.c in libvirt 0.9.1 through 0.10.1.x, 0.10.2.x before 0.10.2.8, 1.0.x before 1.0.5.6, and 1.1.x before 1.1.2 allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via a crafted RPC call.

Affected configurations

NVD

Node

redhatlibvirtMatch0.9.1

OR

redhatlibvirtMatch0.9.2

OR

redhatlibvirtMatch0.9.3

OR

redhatlibvirtMatch0.9.4

OR

redhatlibvirtMatch0.9.5

OR

redhatlibvirtMatch0.9.6

OR

redhatlibvirtMatch0.9.7

OR

redhatlibvirtMatch0.9.8

OR

redhatlibvirtMatch0.9.9

OR

redhatlibvirtMatch0.9.10

OR

redhatlibvirtMatch0.9.11

OR

redhatlibvirtMatch0.9.12

OR

redhatlibvirtMatch0.9.13

OR

redhatlibvirtMatch0.10.0

OR

redhatlibvirtMatch0.10.1

OR

redhatlibvirtMatch0.10.2

OR

redhatlibvirtMatch0.10.2.1

OR

redhatlibvirtMatch0.10.2.2

OR

redhatlibvirtMatch0.10.2.3

OR

redhatlibvirtMatch0.10.2.4

OR

redhatlibvirtMatch0.10.2.5

OR

redhatlibvirtMatch0.10.2.6

OR

redhatlibvirtMatch0.10.2.7

OR

redhatlibvirtMatch1.0.5.1

OR

redhatlibvirtMatch1.0.5.2

OR

redhatlibvirtMatch1.0.5.3

OR

redhatlibvirtMatch1.0.5.4

OR

redhatlibvirtMatch1.0.5.5

OR

redhatlibvirtMatch1.1.0

OR

redhatlibvirtMatch1.1.1

Node

canonicalubuntu_linuxMatch10.04-lts

OR

canonicalubuntu_linuxMatch12.04-lts

OR

canonicalubuntu_linuxMatch12.10

OR

canonicalubuntu_linuxMatch13.04

Node

redhatenterprise_linuxMatch6.0

References

libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=e7f400a110e2e3673b96518170bfea0855dd82c0

lists.opensuse.org/opensuse-updates/2013-10/msg00023.html

lists.opensuse.org/opensuse-updates/2013-10/msg00024.html

rhn.redhat.com/errata/RHSA-2013-1272.html

rhn.redhat.com/errata/RHSA-2013-1460.html

secunia.com/advisories/60895

security.gentoo.org/glsa/glsa-201412-04.xml

wiki.libvirt.org/page/Maintenance_Releases

www.debian.org/security/2013/dsa-2764

www.ubuntu.com/usn/USN-1954-1

bugzilla.redhat.com/show_bug.cgi?id=1006173

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

AI Score

7.4

Confidence

High

EPSS

0.01

Percentile

83.9%

Related for NVD:CVE-2013-4296

veracode3 ubuntucve1 prion1 openvas19 cve1 nessus15 debiancve1 securityvulns2 osv16 debian1 cvelist1 centos1 redhat2 oraclelinux1 fedora4 mageia1 altlinux1 ubuntu1 gentoo1