CVE-2013-4239: Improper Restriction of Operations within the Bounds of a Memory Buffer in Redhat Libvirt

Severity
4.0 MEDIUM (NVD)
EPSS
0.6%
top 31.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Sep 30
Latest update: May 17

Description

The xenDaemonListDefinedDomains function in xen/xend_internal.c in libvirt 1.1.1 allows remote authenticated users to cause a denial of service (memory corruption and crash) via vectors involving the virConnectListDefinedDomains API function.

CVSS vector

AV:N/AC:L/C:N/I:N/A:P
Exploitability: 8.0 | Impact: 2.9

Affected Packages (2 packages)

Debian: redhat/libvirt < 1.1.2~rc1-1+3
NVD: redhat/libvirt 1.1.1

Patches

🔴 Vulnerability Details (3)

GHSA: GHSA-5vqx-jv2p-m95q: The xenDaemonListDefinedDomains function in xen/xend_internal (2022-05-17)
OSV: CVE-2013-4239: The xenDaemonListDefinedDomains function in xen/xend_internal (2013-09-30)
CVEList: CVE-2013-4239: The xenDaemonListDefinedDomains function in xen/xend_internal (2013-09-30)

📋 Vendor Advisories (2)

Red Hat: libvirt: memory corruption in xenDaemonListDefinedDomains function (2013-08-05)
Debian: CVE-2013-4239: libvirt - The xenDaemonListDefinedDomains function in xen/xend_internal.c in libvirt 1.1.1... (2013)

💬 Community (2)

Bugzilla: CVE-2013-4239 libvirt: memory corruption in xenDaemonListDefinedDomains function (2013-08-12)
Bugzilla: CVE-2013-4239 libvirt: memory corruption in xenDaemonListDefinedDomains function [fedora-all] (2013-08-12)