5.2 Medium
CVSS2
Access Vector
ADJACENT_NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:A/AC:L/Au:S/C:P/I:P/A:P
libvirt.so is vulnerable to denial of service (DoS) attacks. The library does not properly initialize a nodemap, leading to an invalid free that can crash the application or cause arbitrary code to be executed.
CPE | Name | Operator | Version |
---|---|---|---|
libvirt.so | eq | 0.10.2 |
libvirt.org/news.html
lists.opensuse.org/opensuse-updates/2014-02/msg00060.html
secunia.com/advisories/60895
security.gentoo.org/glsa/glsa-201412-04.xml
www.ubuntu.com/usn/USN-2093-1
bugzilla.redhat.com/show_bug.cgi?id=1048629
github.com/libvirt/libvirt/commit/f9ee91d35510ccbc6fc42cef8864b291b2d220f4
www.redhat.com/archives/libvir-list/2013-December/msg01176.html
www.redhat.com/archives/libvir-list/2013-December/msg01258.html