Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-0036: Improper Restriction of Operations within the Bounds of a Memory Buffer in Libvirt

Severity: 4.4 MEDIUM (NVD)
EPSS: 0.3% (top 49.75%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline
Published: Feb 11
Latest update: May 2

Description

Buffer overflow in the proxyReadClientSocket function in proxy/libvirt_proxy.c in libvirt_proxy 0.5.1 might allow local users to gain privileges by sending a portion of the header of a virProxyPacket packet, and then sending the remainder of the packet with crafted values in the header, related to use of uninitialized memory in a validation check.

CVSS vector

AV:L/AC:M/C:P/I:P/A:P
Exploitability: 3.4 | Impact: 6.4

Affected Packages (2 packages)

Debian: redhat/libvirt < 0.5.1-7+3
NVD: libvirt/libvirt 0.5.1

🔴 Vulnerability Details (3)

GHSA: GHSA-wm6m-gxgr-pvq6: Buffer overflow in the proxyReadClientSocket function in proxy/libvirt_proxy (2022-05-02)
CVEList: CVE-2009-0036: Buffer overflow in the proxyReadClientSocket function in proxy/libvirt_proxy (2009-02-11)
OSV: CVE-2009-0036: Buffer overflow in the proxyReadClientSocket function in proxy/libvirt_proxy (2009-02-11)

💥 Exploits & PoCs (1)

Exploit-DB: libvirt_proxy 0.5.1 - Local Privilege Escalation (2009-04-27)

📋 Vendor Advisories (2)

Red Hat: libvirt: libvirt_proxy buffer overflow (2009-01-27)
Debian: CVE-2009-0036: libvirt - Buffer overflow in the proxyReadClientSocket function in proxy/libvirt_proxy.c i... (2009)

💬 Community (1)

Bugzilla: CVE-2009-0036 libvirt: libvirt_proxy buffer overflow (2009-02-10)