CVE-2013-0170
Published 2013-02-08
medium 6.8 (CVSS 3.1)
AV:N/AC:M/Au:N/C:P/I:P/A:P
Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering certain errors during an RPC connection, which causes a message to be freed without being removed from the message queue.
Affected
23 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | libvirt | < libvirt 0.9.12-6 (bookworm) | libvirt 0.9.12-6 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| opensuse | opensuse | — | — |
| opensuse | opensuse | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_eus | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_workstation | — | — |
| redhat | libvirt | >= 0 < 0.9.12-6 | 0.9.12-6 |
| redhat | libvirt | >= 0 < 0.9.12-6 | 0.9.12-6 |
| redhat | libvirt | >= 0 < 0.9.12-6 | 0.9.12-6 |
| redhat | libvirt | >= 0 < 0.9.12-6 | 0.9.12-6 |
| redhat | libvirt | >= 0.10.2 < 0.10.2.3 | 0.10.2.3 |
| redhat | libvirt | >= 0.9.11 < 0.9.11.9 | 0.9.11.9 |
| redhat | libvirt | >= 0.9.6 < 0.9.6.4 | 0.9.6.4 |
| redhat | libvirt | >= 1.0.0 < 1.0.2 | 1.0.2 |
| suse | linux_enterprise_desktop | — | — |
| suse | linux_enterprise_server | — | — |
| suse | linux_enterprise_software_development_kit | — | — |
CVSS provenance
nvd: 6.8 MEDIUM AV:N/AC:M/Au:N/C:P/I:P/A:P
osv: 6.8 MEDIUM