cbcvebase.
CVE-2011-1583
published 2011-08-12

CVE-2011-1583: Multiple integer overflows in tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allow local users to cause a denial of service and possibly…

PriorityP426medium6.9CVSS 2.0
AVLACMAuNCCICAC
EPSS
0.70%
48.7th percentile
Multiple integer overflows in tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allow local users to cause a denial of service and possibly execute arbitrary code via a crafted paravirtualised guest kernel image that triggers (1) a buffer overflow during a decompression loop or (2) an out-of-bounds read in the loader involving unspecified length fields.

Affected

9 ranges
VendorProductVersion rangeFixed in
citrixxen
citrixxen
citrixxen
citrixxen
debianxen< xen 4.1.1-1 (bookworm)xen 4.1.1-1 (bookworm)
xenxen>= 0 < 4.1.1-14.1.1-1
xenxen>= 0 < 4.1.1-14.1.1-1
xenxen>= 0 < 4.1.1-14.1.1-1
xenxen>= 0 < 4.1.1-14.1.1-1

CVSS provenance

nvdv2.06.9MEDIUMAV:L/AC:M/Au:N/C:C/I:C/A:C
osv6.9MEDIUM
vendor_debian6.9MEDIUM
vendor_redhat6.9MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.