CVE-2011-1583
Published: 2011-08-12
Priority: P4 · 26 · medium · 6.9 (CVSS 2.0)
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
EPSS: 0.70% (48.7th percentile)
Multiple integer overflows in tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allow local users to cause a denial of service and possibly execute arbitrary code via a crafted paravirtualised guest kernel image that triggers (1) a buffer overflow during a decompression loop or (2) an out-of-bounds read in the loader involving unspecified length fields.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| citrix | xen | — | — |
| citrix | xen | — | — |
| citrix | xen | — | — |
| citrix | xen | — | — |
| debian | xen | < xen 4.1.1-1 (bookworm) | xen 4.1.1-1 (bookworm) |
| xen | xen | >= 0 < 4.1.1-1 | 4.1.1-1 |
| xen | xen | >= 0 < 4.1.1-1 | 4.1.1-1 |
| xen | xen | >= 0 < 4.1.1-1 | 4.1.1-1 |
| xen | xen | >= 0 < 4.1.1-1 | 4.1.1-1 |
CVSS provenance
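| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 6.9 | MEDIUM | AV:L/AC:M/Au:N/C:C/I:C/A:C |
| osv | — | 6.9 | MEDIUM | — |
| vendor_debian | — | 6.9 | MEDIUM | — |
| vendor_redhat | — | 6.9 | MEDIUM | — |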
Red Hat
xen: insufficiencies in pv kernel image validation
vendor_redhat·2011-05-09·CVSS 6.9
CVE-2011-1583 [MEDIUM] xen: insufficiencies in pv kernel image validation
Statement: This issue did not affect the versions of the Xen package as shipped with Red Hat Enterprise Linux 4 and 6. This has been addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2011-0496.html.
Debian
CVE-2011-1583: xen - Multiple integer overflows in tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3...
vendor_debian·2011·CVSS 6.9
CVE-2011-1583 [MEDIUM] CVE-2011-1583: xen - Multiple integer overflows in tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3...
Scope: local
bookworm: resolved (fixed in 4.1.1-1)
bullseye: resolved (fixed in 4.1.1-1)
forky: resolved (fixed in 4.1.1-1)
sid: resolved (fixed in 4.1.1-1)
trixie: resolved (fixed in 4.1.1-1)
GHSA
GHSA-4qc2-w83m-rm23: Multiple integer overflows in tools/libxc/xc_dom_bzimageloader
ghsa_unreviewed·2022-05-17
CVE-2011-1583 [MEDIUM] GHSA-4qc2-w83m-rm23: Multiple integer overflows in tools/libxc/xc_dom_bzimageloader
OSV
CVE-2011-1583: Multiple integer overflows in tools/libxc/xc_dom_bzimageloader
osv·2011-08-12·CVSS 6.9
CVE-2011-1583 [MEDIUM] CVE-2011-1583: Multiple integer overflows in tools/libxc/xc_dom_bzimageloader
No detection rules found.
No public exploits indexed.
http://lists.xensource.com/archives/html/xen-devel/2011-05/msg00483.html
http://lists.xensource.com/archives/html/xen-devel/2011-05/msg00491.html
http://rhn.redhat.com/errata/RHSA-2011-0496.html
Published: 2011-08-12