CVE-2013-2124Double Free in Libguestfs

9 documents7 sources
Severity
4.3MEDIUMNVD
EPSS
0.9%
top 24.21%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Libguestfs
Timeline
PublishedMay 27
Latest updateMay 17

Description

Double free vulnerability in inspect-fs.c in LibguestFS 1.20.x before 1.20.7, 1.21.x, 1.22.0, and 1.23.0 allows remote attackers to cause a denial of service (crash) via empty guest files.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

Debianlibguestfs/libguestfs< 1:1.20.8-1+3
NVDlibguestfs/libguestfs49 versions+48

Patches

Patch: seclists.orgPatch: github.comPatch: www.redhat.com

🔴Vulnerability Details

3
GHSA
GHSA-565j-mpfh-22p5: Double free vulnerability in inspect-fs2022-05-17
CVEList
CVE-2013-2124: Double free vulnerability in inspect-fs2014-05-27
OSV
CVE-2013-2124: Double free vulnerability in inspect-fs2014-05-27

📋Vendor Advisories

2
Red Hat
libguestfs: DoS (abort) due to a double free flaw when inspecting certain guest files / images2013-05-28
Debian
CVE-2013-2124: libguestfs - Double free vulnerability in inspect-fs.c in LibguestFS 1.20.x before 1.20.7, 1....2013

💬Community

3
Bugzilla
CVE-2013-2124 libguestfs: DoS (abort) due to a double free flaw when inspecting certain guest files / images [epel-5]2013-05-29
Bugzilla
CVE-2013-2124 libguestfs: DoS (abort) due to a double free flaw when inspecting certain guest files / images2013-05-29
Bugzilla
CVE-2012-2124 squirrelmail: CVE-2010-2813 not fixed in RHSA-2012:01032012-04-20
CVE-2013-2124 — Double Free in Libguestfs | cvebase