CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
EPSS
Percentile
86.4%
The qemuAgentCommand function in libvirt before 1.1.1, when a guest agent
is not configured, allows remote attackers to cause a denial of service
(NULL pointer dereference and crash) via vectors related to “agent based
cpu (un)plug,” as demonstrated by the “virsh vcpucount foobar --guest”
command.
Author | Note |
---|---|
mdeslaur | Introduced by: http://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=d47eff88fe50e43a36671f6d8d0eeda52835d5e0 which is in 1.1.0 |
openwall.com/lists/oss-security/2013/07/19/12
bugzilla.redhat.com/show_bug.cgi?id=986386
launchpad.net/bugs/cve/CVE-2013-4154
nvd.nist.gov/vuln/detail/CVE-2013-4154
security-tracker.debian.org/tracker/CVE-2013-4154
www.cve.org/CVERecord?id=CVE-2013-4154
www.redhat.com/archives/libvir-list/2013-July/msg00992.html