CVE-2013-4236 — Redhat Enterprise Virtualization vulnerability

5 documents5 sources

Severity

2.7LOWNVD

EPSS

0.1%

top 73.42%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Enterprise Virtualization

Timeline

PublishedAug 19

Latest updateMay 17

Description

VDSM in Red Hat Enterprise Virtualization 3 and 3.2 allows privileged guest users to cause the host to become "unavailable to the managment server" via invalid XML characters in a guest agent response. NOTE: this issue is due to an incomplete fix for CVE-2013-0167.

CVSS vector

AV:A/AC:L/C:N/I:N/A:PExploitability: 5.1 | Impact: 2.9

Affected Packages1 packages

▶NVDredhat/enterprise_virtualization3.0, 3.2+1

🔴Vulnerability Details

GHSA

GHSA-jhj6-xfqh-j93v: VDSM in Red Hat Enterprise Virtualization 3 and 3↗2022-05-17

▶

CVEList

CVE-2013-4236: VDSM in Red Hat Enterprise Virtualization 3 and 3↗2013-08-19

▶

📋Vendor Advisories

Red Hat

vdsm: incomplete fix for CVE-2013-0167 issue↗2013-07-16

▶

💬Community

Bugzilla

CVE-2013-4236 vdsm: incomplete fix for CVE-2013-0167 issue↗2013-08-12

▶