CVE-2013-4297 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Redhat Libvirt

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer8 documents7 sources

Severity

4.0MEDIUMNVD

EPSS

0.6%

top 31.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Libvirt

Timeline

PublishedSep 30

Latest updateMay 17

Description

The virFileNBDDeviceAssociate function in util/virfile.c in libvirt 1.1.2 and earlier allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via unspecified vectors.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 8.0 | Impact: 2.9

Affected Packages2 packages

▶Debianredhat/libvirt< 1.1.2-2+3

▶NVDredhat/libvirt1.1.2+94

Patches

Patch: bugzilla.redhat.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-jmvg-q6wm-56j5: The virFileNBDDeviceAssociate function in util/virfile↗2022-05-17

▶

OSV

CVE-2013-4297: The virFileNBDDeviceAssociate function in util/virfile↗2013-09-30

▶

CVEList

CVE-2013-4297: The virFileNBDDeviceAssociate function in util/virfile↗2013-09-30

▶

📋Vendor Advisories

Red Hat

libvirt: invalid free in virFileNBDDeviceAssociate↗2013-09-03

▶

Debian

CVE-2013-4297: libvirt - The virFileNBDDeviceAssociate function in util/virfile.c in libvirt 1.1.2 and ea...↗2013

▶

💬Community

Bugzilla

CVE-2013-4297 CVE-2013-4291 CVE-2013-5651 libvirt: various flaws [fedora-all]↗2013-09-10

▶

Bugzilla

CVE-2013-4297 libvirt: invalid free in virFileNBDDeviceAssociate↗2013-09-10

▶