Lucene search

Ubuntu.comUB:CVE-2013-0170

HistoryJan 28, 2013 - 12:00 a.m.

CVE-2013-0170

2013-01-2800:00:00

ubuntu.com

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.018 Low

EPSS

Percentile

88.1%

JSON

Use-after-free vulnerability in the virNetMessageFree function in
rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before
0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote
attackers to cause a denial of service (crash) and possibly execute
arbitrary code by triggering certain errors during an RPC connection, which
causes a message to be freed without being removed from the message queue.

Bugs

<https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0170>

Notes

Author	Note
mdeslaur	code is different in oneiric and earlier, doesn’t look affected

OSVersionArchitecturePackageVersionFilename
ubuntu12.04noarchlibvirt< 0.9.8-2ubuntu17.7UNKNOWN
ubuntu12.10noarchlibvirt< 0.9.13-0ubuntu12.2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	12.04	noarch	libvirt	< 0.9.8-2ubuntu17.7	UNKNOWN
ubuntu	12.10	noarch	libvirt	< 0.9.13-0ubuntu12.2	UNKNOWN

References

launchpad.net/bugs/cve/CVE-2013-0170

nvd.nist.gov/vuln/detail/CVE-2013-0170

rhn.redhat.com/errata/RHSA-2013-0199.html

security-tracker.debian.org/tracker/CVE-2013-0170

ubuntu.com/security/notices/USN-1708-1

www.cve.org/CVERecord?id=CVE-2013-0170

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.018 Low

EPSS

Percentile

88.1%

JSON

Related for UB:CVE-2013-0170