CVE-2013-4416 — Improper Restriction of Operations within the Bounds of a Memory Buffer in XEN

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer6 documents5 sources

Severity

5.2MEDIUMNVD

EPSS

0.3%

top 48.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN Debian XEN

Timeline

PublishedNov 2

Latest updateMay 17

Description

The Ocaml xenstored implementation (oxenstored) in Xen 4.1.x, 4.2.x, and 4.3.x allows local guest domains to cause a denial of service (domain shutdown) via a large message reply.

CVSS vector

AV:A/AC:M/C:N/I:N/A:CExploitability: 4.4 | Impact: 6.9

Affected Packages2 packages

▶NVDxen/xen13 versions+12

▶debiandebian/xen

🔴Vulnerability Details

GHSA

GHSA-w7q3-mcrv-7g4p: The Ocaml xenstored implementation (oxenstored) in Xen 4↗2022-05-17

▶

📋Vendor Advisories

Red Hat

xen: ocaml xenstored mishandles oversized message replies (XSA-72)↗2013-10-29

▶

Debian

CVE-2013-4416: xen - The Ocaml xenstored implementation (oxenstored) in Xen 4.1.x, 4.2.x, and 4.3.x a...↗2013

▶

💬Community

Bugzilla

CVE-2013-4416 xen: ocaml xenstored mishandles oversized message replies (XSA-72) [fedora-all]↗2013-10-29

▶

Bugzilla

CVE-2013-4416 xen: ocaml xenstored mishandles oversized message replies (XSA-72)↗2013-10-10

▶