CVE-2012-3445
published 2012-08-07CVE-2012-3445: The virTypedParameterArrayClear function in libvirt 0.9.13 does not properly handle virDomain* API calls with typed parameters, which might allow remote…
low3.5CVSS 3.1
AVNACMAuSCNINAP
The virTypedParameterArrayClear function in libvirt 0.9.13 does not properly handle virDomain* API calls with typed parameters, which might allow remote authenticated users to cause a denial of service (libvirtd crash) via an RPC command with nparams set to zero, which triggers an out-of-bounds read or a free of an invalid pointer.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libvirt | < libvirt 0.9.12-4 (bookworm) | libvirt 0.9.12-4 (bookworm) |
| redhat | libvirt | — | — |
| redhat | libvirt | >= 0 < 0.9.12-4 | 0.9.12-4 |
| redhat | libvirt | >= 0 < 0.9.12-4 | 0.9.12-4 |
| redhat | libvirt | >= 0 < 0.9.12-4 | 0.9.12-4 |
| redhat | libvirt | >= 0 < 0.9.12-4 | 0.9.12-4 |
CVSS provenance
nvd3.5LOWAV:N/AC:M/Au:S/C:N/I:N/A:P
osv3.5LOW