Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2013-2218Double Free in Redhat Libvirt

CWE-3999 documents8 sources
Severity
5.0MEDIUMNVD
EPSS
10.8%
top 6.63%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Redhat Libvirt
Timeline
PublishedSep 30
Latest updateMay 17

Description

Double free vulnerability in the virConnectListAllInterfaces method in interface/interface_backend_netcf.c in libvirt 1.0.6 allows remote attackers to cause a denial of service (libvirtd crash) via a filtering flag that causes an interface to be skipped, as demonstrated by the "virsh iface-list --inactive" command.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

Debianredhat/libvirt< 1.1.0-1+3
NVDredhat/libvirt1.0.6

Patches

Patch: www.openwall.comPatch: www.openwall.com

🔴Vulnerability Details

3
GHSA
GHSA-2rgg-xfp9-8w6f: Double free vulnerability in the virConnectListAllInterfaces method in interface/interface_backend_netcf2022-05-17
OSV
CVE-2013-2218: Double free vulnerability in the virConnectListAllInterfaces method in interface/interface_backend_netcf2013-09-30
CVEList
CVE-2013-2218: Double free vulnerability in the virConnectListAllInterfaces method in interface/interface_backend_netcf2013-09-30

💥Exploits & PoCs

1
Exploit-DB
libvirt - 'virConnectListAllInterfaces' Method Denial of Service2013-07-01

📋Vendor Advisories

2
Red Hat
libvirt: virConnectListAllInterfaces crash2013-07-01
Debian
CVE-2013-2218: libvirt - Double free vulnerability in the virConnectListAllInterfaces method in interface...2013

💬Community

2
Bugzilla
CVE-2013-2218 libvirt: virConnectListAllInterfaces crash2013-07-01
Bugzilla
libvirt: CVE-2013-2218 libvirt: virConnectListAllInterfaces crash [fedora-all]2013-07-01
CVE-2013-2218 — Double Free in Redhat Libvirt | cvebase