CVE-2013-4292 — Redhat Libvirt vulnerability

CWE-3997 documents7 sources

Severity

2.1LOWNVD

EPSS

0.1%

top 79.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Libvirt

Timeline

PublishedSep 30

Latest updateMay 17

Description

libvirt 1.1.0 and 1.1.1 allows local users to cause a denial of service (memory consumption) via a large number of domain migrate parameters in certain RPC calls in (1) daemon/remote.c and (2) remote/remote_driver.c.

CVSS vector

AV:L/AC:L/C:N/I:N/A:PExploitability: 3.9 | Impact: 2.9

Affected Packages2 packages

▶Debianredhat/libvirt< 1.1.2~rc2-1+3

▶NVDredhat/libvirt1.1.0, 1.1.1+1

🔴Vulnerability Details

GHSA

GHSA-xw9c-qm7m-c9wc: libvirt 1↗2022-05-17

▶

CVEList

CVE-2013-4292: libvirt 1↗2013-09-30

▶

OSV

CVE-2013-4292: libvirt 1↗2013-09-30

▶

📋Vendor Advisories

Red Hat

libvirt: unbounded RPC arrays in remote protocol↗2013-08-29

▶

Debian

CVE-2013-4292: libvirt - libvirt 1.1.0 and 1.1.1 allows local users to cause a denial of service (memory ...↗2013

▶

💬Community

Bugzilla

CVE-2013-4292 libvirt: unbounded RPC arrays in remote protocol↗2013-08-29

▶