CVE-2013-0170: Use After Free in Redhat Libvirt

CWE-416: Use After Free | 9 documents | 8 sources
Severity: 6.8 MEDIUM (NVD)
EPSS: 20.2% (top 4.49%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Feb 8 | Latest update May 5

Description

Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering certain errors during an RPC connection, which causes a message to be freed without being removed from the message queue.

CVSS vector

AV:N/AC:M/C:P/I:P/A:P
Exploitability: 8.6 | Impact: 6.4

Affected Packages (9 packages)

NVD | redhat/libvirt | 0.9.6 | 0.9.6.4 | +3
Debian | redhat/libvirt | < 0.9.12-6 | +3
NVD | opensuse/opensuse | 12.1, 12.2 | +1

Also affects: Fedora 16, 17, 18, Ubuntu Linux 12.04, 12.10, Enterprise Linux 6.3

🔴 Vulnerability Details (3)

GHSA: GHSA-rhxc-pp54-8x28: Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient (2022-05-05)
CVEList: CVE-2013-0170: Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient (2013-02-08)
OSV: CVE-2013-0170: Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient (2013-02-08)

📋 Vendor Advisories (3)

Ubuntu: libvirt vulnerabilities (2013-01-29)
Red Hat: libvirt: use-after-free in virNetMessageFree() (2013-01-28)
Debian: CVE-2013-0170: libvirt - Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserv... (2013)

💬 Community (2)

Bugzilla: CVE-2013-0170 libvirt: use-after-free in virNetMessageFree() [fedora-all] (2013-01-28)
Bugzilla: CVE-2013-0170 libvirt: use-after-free in virNetMessageFree() (2013-01-09)