Lucene search

[email protected]CVE-2013-4371

HistoryOct 17, 2013 - 11:55 p.m.

CVE-2013-4371

2013-10-1723:55:04

CWE-399

[email protected]

web.nvd.nist.gov

cve-2013-4371

xen 4.2.x

xen 4.3.x

vulnerability

memory pressure

heap corruption

denial of service

nvd

7.2 High

AI Score

Confidence

High

4.4 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.2%

JSON

Use-after-free vulnerability in the libxl_list_cpupool function in the libxl toolstack library in Xen 4.2.x and 4.3.x, when running “under memory pressure,” returns the original pointer when the realloc function fails, which allows local users to cause a denial of service (heap corruption and crash) and possibly execute arbitrary code via unspecified vectors.

Affected configurations

NVD

Node

xenxenMatch4.2.0

xenxenMatch4.2.1

xenxenMatch4.2.2

xenxenMatch4.2.3

xenxenMatch4.3.0

CPENameOperatorVersion
xen:xenxeneq4.2.0
xen:xenxeneq4.2.1
xen:xenxeneq4.2.2
xen:xenxeneq4.2.3
xen:xenxeneq4.3.0

CPE	Name	Operator	Version
xen:xen	xen	eq	4.2.0
xen:xen	xen	eq	4.2.1
xen:xen	xen	eq	4.2.2
xen:xen	xen	eq	4.2.3
xen:xen	xen	eq	4.3.0

References

security.gentoo.org/glsa/glsa-201407-03.xml

www.openwall.com/lists/oss-security/2013/10/10/12

7.2 High

AI Score

Confidence

High

4.4 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for CVE-2013-4371

cvelist1 nvd1 prion1 ubuntucve1 debiancve1 xen1 nessus6 openvas41 fedora23 gentoo1