CVE-2012-4423 — Redhat Libvirt vulnerability

9 documents8 sources

Severity

5.0MEDIUMNVD

EPSS

2.9%

top 13.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Libvirt

Timeline

PublishedNov 19

Latest updateMay 17

Description

The virNetServerProgramDispatchCall function in libvirt before 0.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and segmentation fault) via an RPC call with (1) an event as the RPC number or (2) an RPC number whose value is in a "gap" in the RPC dispatch table.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶Debianredhat/libvirt< 0.9.12-5+3

▶NVDredhat/libvirt0.10.1+70

🔴Vulnerability Details

GHSA

GHSA-82q7-xh57-cm62: The virNetServerProgramDispatchCall function in libvirt before 0↗2022-05-17

▶

CVEList

CVE-2012-4423: The virNetServerProgramDispatchCall function in libvirt before 0↗2012-11-19

▶

OSV

CVE-2012-4423: The virNetServerProgramDispatchCall function in libvirt before 0↗2012-11-19

▶

📋Vendor Advisories

Ubuntu

libvirt vulnerabilities↗2013-01-29

▶

Red Hat

libvirt: null function pointer invocation in virNetServerProgramDispatchCall()↗2012-07-24

▶

Debian

CVE-2012-4423: libvirt - The virNetServerProgramDispatchCall function in libvirt before 0.10.2 allows rem...↗2012

▶

💬Community

Bugzilla

CVE-2012-4423 libvirt: null function pointer invocation in virNetServerProgramDispatchCall() [fedora-all]↗2012-09-13

▶

Bugzilla

CVE-2012-4423 libvirt: null function pointer invocation in virNetServerProgramDispatchCall()↗2012-09-13

▶