CVE-2013-4369 — NULL Pointer Dereference in XEN

CWE-476 — NULL Pointer Dereference7 documents6 sources

Severity

1.9LOWNVD

EPSS

0.1%

top 82.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN Debian XEN

Timeline

PublishedOct 17

Latest updateMay 17

Description

The xlu_vif_parse_rate function in the libxlu library in Xen 4.2.x and 4.3.x allows local users to cause a denial of service (NULL pointer dereference) by using the "@" character as the VIF rate configuration.

CVSS vector

AV:L/AC:M/C:N/I:N/A:PExploitability: 3.4 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/xen< xen 4.4.0-1 (bookworm)

▶Debianxen/xen< 4.4.0-1+3

▶NVDxen/xen5 versions+4

🔴Vulnerability Details

GHSA

GHSA-hh3w-5666-ggp2: The xlu_vif_parse_rate function in the libxlu library in Xen 4↗2022-05-17

▶

OSV

CVE-2013-4369: The xlu_vif_parse_rate function in the libxlu library in Xen 4↗2013-10-17

▶

📋Vendor Advisories

Red Hat

xen: possible null dereference when parsing vif ratelimiting info (XSA-68)↗2013-10-10

▶

Debian

CVE-2013-4369: xen - The xlu_vif_parse_rate function in the libxlu library in Xen 4.2.x and 4.3.x all...↗2013

▶

💬Community

Bugzilla

CVE-2013-4371 CVE-2013-4370 CVE-2013-4368 CVE-2013-4369 CVE-2013-4375 xen: various flaws [fedora-all]↗2013-10-10

▶

Bugzilla

CVE-2013-4369 xen: possible null dereference when parsing vif ratelimiting info (XSA-68)↗2013-09-26

▶