You are here

CVE-2013-4296

Vincent (CVE) Danen's picture
The remoteDispatchDomainMemoryStats function in daemon/remote.c in libvirt 0.9.1 through 0.10.1.x, 0.10.2.x before 0.10.2.8, 1.0.x before 1.0.5.6, and 1.1.x before 1.1.2 allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via a crafted RPC call.

Details Source

Mitre

Public Date

2013-09-18 00:00:00

Impact

Moderate

Bugzilla

CVE-2013-4296 libvirt: invalid free in remoteDispatchDomainMemoryStats

Bugzilla ID

1 006 173

CVSS Status

verified

Base Score

2.90

Base Metrics

AV:A/AC:M/Au:N/C:N/I:N/A:P

Acknowledgements

This issue was discovered by Daniel P. Berrange of Red Hat.

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 6 (libvirt) RHSA-2013:1272 2013-09-19

Affected Packages State

Platform Package State
Red Hat Enterprise Linux 7 libvirt Not affected
Red Hat Enterprise Linux 5 libvirt Not affected