Published: 31/05/2011 Updated: 13/02/2023

CVSS v2 Base Score: 3.3 | Impact Score: 2.9 | Exploitability Score: 6.5

VMScore: 294

Vector: AV:A/AC:L/Au:N/C:N/I:N/A:P

libvirtd in libvirt prior to 0.9.0 does not use thread-safe error reporting, which allows remote malicious users to cause a denial of service (crash) by causing multiple threads to report errors at the same time.

Vulnerable Product	Search on Vulmon	Subscribe to Product
redhat libvirt 0.4.1
redhat libvirt 0.8.6
redhat libvirt 0.4.5
redhat libvirt 0.7.5
redhat libvirt 0.0.6
redhat libvirt 0.5.0
redhat libvirt 0.7.2
redhat libvirt 0.1.1
redhat libvirt 0.0.3
redhat libvirt 0.1.7
redhat libvirt 0.0.1
redhat libvirt 0.2.0
redhat libvirt 0.7.4
redhat libvirt 0.4.4
redhat libvirt 0.3.3
redhat libvirt 0.0.2
redhat libvirt 0.1.8
redhat libvirt 0.3.0
redhat libvirt 0.1.3
redhat libvirt 0.1.9
redhat libvirt 0.4.2
redhat libvirt 0.8.5
redhat libvirt 0.8.7
redhat libvirt 0.7.7
redhat libvirt 0.6.4
redhat libvirt 0.3.1
redhat libvirt 0.1.6
redhat libvirt 0.6.5
redhat libvirt 0.8.2
redhat libvirt 0.8.1
redhat libvirt 0.2.2
redhat libvirt 0.8.3
redhat libvirt 0.7.1
redhat libvirt 0.2.3
redhat libvirt 0.0.4
redhat libvirt 0.1.0
redhat libvirt 0.6.2
redhat libvirt 0.6.3
redhat libvirt 0.4.3
redhat libvirt 0.5.1
redhat libvirt 0.7.6
redhat libvirt 0.7.3
redhat libvirt 0.6.1
redhat libvirt 0.1.4
redhat libvirt 0.8.4
redhat libvirt
redhat libvirt 0.4.6
redhat libvirt 0.1.5
redhat libvirt 0.7.0
redhat libvirt 0.4.0
redhat libvirt 0.0.5
redhat libvirt 0.2.1
redhat libvirt 0.6.0
redhat libvirt 0.8.0
redhat libvirt 0.3.2

Libvirt could be made to crash or read arbitrary files on the host ...

Debian Bug report logs - #623222 CVE-2011-1486: Error handling not thread-safe Package: libvirt; Maintainer for libvirt is Debian Libvirt Maintainers <pkg-libvirt-maintainers@listsaliothdebianorg>; Reported by: Moritz Muehlenhoff <muehlenhoff@univentionde> Date: Mon, 18 Apr 2011 13:48:01 UTC Severity: important T ...

Debian Bug report logs - #633630 CVE-2011-2511 libvirt: integer overflow in VirDomainGetVcpus Package: src:libvirt; Maintainer for src:libvirt is Debian Libvirt Maintainers <pkg-libvirt-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 12 Jul 2011 10:30:56 UTC Seve ...

It was discovered that libvirt, a library for interfacing with different virtualization systems, is prone to an integer overflow (CVE-2011-2511) Additionally, the stable version is prone to a denial of service, because its error reporting is not thread-safe (CVE-2011-1486) For the stable distribution (squeeze), these problems have been fixed in v ...

CWE-399 https://bugzilla.redhat.com/show_bug.cgi?id=693391 http://securitytracker.com/id?1025477 http://secunia.com/advisories/44459 http://support.avaya.com/css/P8/documents/100134583 https://www.redhat.com/archives/libvir-list/2011-March/msg01087.html http://www.redhat.com/support/errata/RHSA-2011-0478.html http://www.securityfocus.com/bid/47148 http://www.redhat.com/support/errata/RHSA-2011-0479.html http://www.debian.org/security/2011/dsa-2280 http://www.ubuntu.com/usn/USN-1152-1 http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=f44bfb7fb978c9313ce050a1c4149bf04aa0a670 https://usn.ubuntu.com/1152-1/https://nvd.nist.gov

CVE-2011-1486

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect