CVE-2013-4296Improper Restriction of Operations within the Bounds of a Memory Buffer in Redhat Libvirt

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer9 documents8 sources
Severity
4.0MEDIUMNVD
EPSS
3.3%
top 12.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Redhat LibvirtCanonical Ubuntu LinuxRedhat Enterprise Linux
Timeline
PublishedSep 30
Latest updateMay 14

Description

The remoteDispatchDomainMemoryStats function in daemon/remote.c in libvirt 0.9.1 through 0.10.1.x, 0.10.2.x before 0.10.2.8, 1.0.x before 1.0.5.6, and 1.1.x before 1.1.2 allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via a crafted RPC call.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 8.0 | Impact: 2.9

Affected Packages2 packages

Debianredhat/libvirt< 1.1.4-1+3
NVDredhat/libvirt30 versions+29

Also affects: Ubuntu Linux 10.04, 12.04, 12.10, 13.04, Enterprise Linux 6.0

Patches

Patch: wiki.libvirt.orgPatch: bugzilla.redhat.comPatch: wiki.libvirt.org

🔴Vulnerability Details

3
GHSA
GHSA-vf4g-mc46-48r3: The remoteDispatchDomainMemoryStats function in daemon/remote2022-05-14
CVEList
CVE-2013-4296: The remoteDispatchDomainMemoryStats function in daemon/remote2013-09-30
OSV
CVE-2013-4296: The remoteDispatchDomainMemoryStats function in daemon/remote2013-09-30

📋Vendor Advisories

3
Ubuntu
libvirt vulnerabilities2013-09-18
Red Hat
libvirt: invalid free in remoteDispatchDomainMemoryStats2013-09-18
Debian
CVE-2013-4296: libvirt - The remoteDispatchDomainMemoryStats function in daemon/remote.c in libvirt 0.9.1...2013

💬Community

2
Bugzilla
CVE-2013-4296 libvirt: invalid free in remoteDispatchDomainMemoryStats [fedora-all]2013-09-18
Bugzilla
CVE-2013-4296 libvirt: invalid free in remoteDispatchDomainMemoryStats2013-09-10
CVE-2013-4296 — Redhat Libvirt vulnerability | cvebase