Lucene search

[email protected]CVE-2013-4370

HistoryOct 17, 2013 - 11:55 p.m.

CVE-2013-4370

2013-10-1723:55:04

CWE-119

[email protected]

web.nvd.nist.gov

xen

ocaml

binding

vulnerability

heap corruption

denial of service

code execution

memory

nvd

cve-2013-4370

7.4 High

AI Score

Confidence

High

4.6 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.2%

JSON

The ocaml binding for the xc_vcpu_getaffinity function in Xen 4.2.x and 4.3.x frees certain memory that may still be intended for use, which allows local users to cause a denial of service (heap corruption and crash) and possibly execute arbitrary code via unspecified vectors that trigger a (1) use-after-free or (2) double free.

Affected configurations

NVD

Node

xenxenMatch4.2.0

xenxenMatch4.2.1

xenxenMatch4.2.2

xenxenMatch4.2.3

xenxenMatch4.3.0

CPENameOperatorVersion
xen:xenxeneq4.2.0
xen:xenxeneq4.2.1
xen:xenxeneq4.2.2
xen:xenxeneq4.2.3
xen:xenxeneq4.3.0

CPE	Name	Operator	Version
xen:xen	xen	eq	4.2.0
xen:xen	xen	eq	4.2.1
xen:xen	xen	eq	4.2.2
xen:xen	xen	eq	4.2.3
xen:xen	xen	eq	4.3.0

References

seclists.org/oss-sec/2013/q4/att-61/xsa69.patch

security.gentoo.org/glsa/glsa-201407-03.xml

www.openwall.com/lists/oss-security/2013/10/10/13

7.4 High

AI Score

Confidence

High

4.6 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for CVE-2013-4370

ubuntucve1 prion1 xen1 cvelist1 nvd1 debiancve1 nessus6 openvas41 fedora23 gentoo1