CVE-2011-2511 — Integer Overflow or Wraparound in Redhat Libvirt

CWE-189 CWE-190 — Integer Overflow or Wraparound10 documents9 sources

Severity

4.0MEDIUMNVD

EPSS

3.4%

top 12.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Libvirt

Timeline

PublishedAug 10

Latest updateMay 17

Description

Integer overflow in libvirt before 0.9.3 allows remote authenticated users to cause a denial of service (libvirtd crash) and possibly execute arbitrary code via a crafted VirDomainGetVcpus RPC call that triggers memory corruption.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 8.0 | Impact: 2.9

Affected Packages2 packages

▶Debianredhat/libvirt< 0.9.2-7+3

▶NVDredhat/libvirt0.9.2+57

Patches

Patch: www.openwall.com ↗Patch: www.redhat.com ↗Patch: www.openwall.com ↗

🔴Vulnerability Details

GHSA

GHSA-vxfh-2pc2-vcmc: Integer overflow in libvirt before 0↗2022-05-17

▶

CVEList

CVE-2011-2511: Integer overflow in libvirt before 0↗2011-08-10

▶

OSV

CVE-2011-2511: Integer overflow in libvirt before 0↗2011-08-10

▶

💥Exploits & PoCs

Exploit-DB

SAP NetWeaver Dispatcher - Multiple Vulnerabilities↗2012-05-09

▶

📋Vendor Advisories

Ubuntu

libvirt vulnerability↗2011-07-28

▶

Red Hat

libvirt: integer overflow in VirDomainGetVcpus↗2011-06-24

▶

Debian

CVE-2011-2511: libvirt - Integer overflow in libvirt before 0.9.3 allows remote authenticated users to ca...↗2011

▶

💬Community

Bugzilla

CVE-2011-2511 libvirt: integer overflow in VirDomainGetVcpus [fedora-all]↗2011-06-28

▶

Bugzilla

CVE-2011-2511 libvirt: integer overflow in VirDomainGetVcpus↗2011-06-28

▶