You are here

CVE-2013-1962

Vincent (CVE) Danen's picture
The remoteDispatchStoragePoolListAllVolumes function in the storage pool manager in libvirt 1.0.5 allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of requests "to list all volumes for the particular pool."

Details Source

Mitre

Public Date

2013-05-16 00:00:00

Impact

Moderate

Bugzilla

CVE-2013-1962 libvirt: DoS (max count of open files exhaustion) due sockets leak in the storage pool

Bugzilla ID

953 107

CVSS Status

verified

Base Score

5.00

Base Metrics

AV:N/AC:L/Au:N/C:N/I:N/A:P

Acknowledgements

Red Hat would like to thank Edoardo Comar of IBM for reporting this issue.

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 6 (libvirt) RHSA-2013:0831 2013-05-16

Affected Packages State

Platform Package State
Red Hat Enterprise Linux 5 libvirt Not affected