Lucene search

K

[email protected]NVD:CVE-2013-4154

HistorySep 30, 2013 - 9:55 p.m.

CVE-2013-4154

2013-09-3021:55:09

[email protected]

web.nvd.nist.gov

4

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

AI Score

7.6

Confidence

High

EPSS

0.014

Percentile

86.4%

The qemuAgentCommand function in libvirt before 1.1.1, when a guest agent is not configured, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to “agent based cpu (un)plug,” as demonstrated by the “virsh vcpucount foobar --guest” command.

Affected configurations

Nvd

Node

redhatlibvirtRange≤1.1.0

OR

redhatlibvirtMatch1.0.0

OR

redhatlibvirtMatch1.0.1

OR

redhatlibvirtMatch1.0.2

OR

redhatlibvirtMatch1.0.3

OR

redhatlibvirtMatch1.0.4

OR

redhatlibvirtMatch1.0.5

OR

redhatlibvirtMatch1.0.6

References

libvirt.org/git/?p=libvirt.git%3Ba=commitdiff%3Bh=96518d4316b711c72205117f8d5c967d5127bbb6

libvirt.org/news.html

openwall.com/lists/oss-security/2013/07/19/12

bugzilla.redhat.com/show_bug.cgi?id=984821

bugzilla.redhat.com/show_bug.cgi?id=986386

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

AI Score

7.6

Confidence

High

EPSS

0.014

Percentile

86.4%

Related for NVD:CVE-2013-4154

cvelist1 cve1 prion1 ubuntucve1 debiancve1 altlinux1 osv16