CVE-2011-1583: Improper Restriction of Operations within the Bounds of a Memory Buffer in XEN

CWE-189 | 6 documents | 6 sources
Severity: 6.9 MEDIUM (NVD)
EPSS: 0.5% (top 33.38%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Aug 12 | Latest update May 17

Description

Multiple integer overflows in tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allow local users to cause a denial of service and possibly execute arbitrary code via a crafted paravirtualised guest kernel image that triggers (1) a buffer overflow during a decompression loop or (2) an out-of-bounds read in the loader involving unspecified length fields.

CVSS vector

AV:L/AC:M/C:C/I:C/A:C
Exploitability: 3.4 | Impact: 10.0

Affected Packages (3 packages)

debian: debian/xen < xen 4.1.1-1 (bookworm)
Debian: xen/xen < 4.1.1-1 (+3)
NVD: citrix/xen, 4 versions (+3)

Vulnerability Details (2)

GHSA: GHSA-4qc2-w83m-rm23: Multiple integer overflows in tools/libxc/xc_dom_bzimageloader (2022-05-17)
OSV: CVE-2011-1583: Multiple integer overflows in tools/libxc/xc_dom_bzimageloader (2011-08-12)

Vendor Advisories (2)

Red Hat: xen: insufficiencies in pv kernel image validation (2011-05-09)
Debian: CVE-2011-1583: xen - Multiple integer overflows in tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3... (2011)

Community (1)

Bugzilla: CVE-2011-1583 CVE-2011-3262 xen: insufficiencies in pv kernel image validation (2011-04-15)