Veracode Vulnerability DatabaseVERACODE:7304Denial Of Service (DoS)
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
libvirt.so is vulnerable to denial of service (DoS). The vulnerability is possible because the remoteDispatchDomainMemoryStats function in daemon/remote.c does not assign an uninitialized pointer to the NULL causing pointer dereferencing and allowing an authenticated users to trigger the attack.
| CPE | Name | Operator | Version |
|---|---|---|---|
| libvirt.so | le | 0.2000.0 | |
| libvirt.so | le | 0.2000.0 |
References
libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=e7f400a110e2e3673b96518170bfea0855dd82c0
libvirt.org/git/?p=libvirt.git;a=commit;h=e7f400a110e2e3673b96518170bfea0855dd82c0
lists.opensuse.org/opensuse-updates/2013-10/msg00023.html
lists.opensuse.org/opensuse-updates/2013-10/msg00024.html
rhn.redhat.com/errata/RHSA-2013-1272.html
rhn.redhat.com/errata/RHSA-2013-1460.html
secunia.com/advisories/60895
security.gentoo.org/glsa/glsa-201412-04.xml
wiki.libvirt.org/page/Maintenance_Releases
www.debian.org/security/2013/dsa-2764
www.ubuntu.com/usn/USN-1954-1
bugzilla.redhat.com/show_bug.cgi?id=1006173
libvirt.org/git/?p=libvirt.git;a=blobdiff;f=daemon/remote.c;h=3ac528c6101a14f41b0f785d2961656d1b759613;hp=6b082cf1f62b441eb9bac27eec409eabd704ce9e;hb=e7f400a110e2e3673b96518170bfea0855dd82c0;hpb=ab42c226278a1c1c5236c64472aef583aec39412
Related
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P