CVE-2009-0036
published 2009-02-11CVE-2009-0036: Buffer overflow in the proxyReadClientSocket function in proxy/libvirt_proxy.c in libvirt_proxy 0.5.1 might allow local users to gain privileges by sending a…
medium4.4CVSS 3.1
AVLACMAuNCPIPAP
EXPLOIT
Buffer overflow in the proxyReadClientSocket function in proxy/libvirt_proxy.c in libvirt_proxy 0.5.1 might allow local users to gain privileges by sending a portion of the header of a virProxyPacket packet, and then sending the remainder of the packet with crafted values in the header, related to use of uninitialized memory in a validation check.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libvirt | < libvirt 0.5.1-7 (bookworm) | libvirt 0.5.1-7 (bookworm) |
| libvirt | libvirt | — | — |
| redhat | libvirt | >= 0 < 0.5.1-7 | 0.5.1-7 |
| redhat | libvirt | >= 0 < 0.5.1-7 | 0.5.1-7 |
| redhat | libvirt | >= 0 < 0.5.1-7 | 0.5.1-7 |
| redhat | libvirt | >= 0 < 0.5.1-7 | 0.5.1-7 |
CVSS provenance
nvd4.4MEDIUMAV:L/AC:M/Au:N/C:P/I:P/A:P
osv4.4MEDIUM