Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
3.3
CVSSv2

CVE-2013-1922

Published: 13/05/2013 Updated: 01/12/2013
CVSS v2 Base Score: 3.3 | Impact Score: 4.9 | Exploitability Score: 3.4
VMScore: 294
Vector: AV:L/AC:M/Au:N/C:P/I:P/A:N
Subscribe to Xen

Vulnerability Summary

qemu-nbd in QEMU, as used in Xen 4.2.x, determines the format of a raw disk image based on the header, which allows local guest OS administrators to read arbitrary files on the host by modifying the header to identify a different format, which is used when the guest is restarted, a different vulnerability than CVE-2008-2004.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

xen xen 4.2.0

xen xen 4.2.1

xen xen 4.2.2

Vendor Advisories

Debian CVElist Bug Report Logs: CVE-2013-1922 -- qemu-nbd block format auto-detection vulnerability
Debian Bug report logs - #705544 CVE-2013-1922 -- qemu-nbd block format auto-detection vulnerability Package: qemu-utils; Maintainer for qemu-utils is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Source for qemu-utils is src:qemu (PTS, buildd, popcon) Reported by: Michael Tokarev <mjt@tlsmskru> Date: ...
Red Hat: CVE-2013-1922
qemu-nbd in QEMU, as used in Xen 42x, determines the format of a raw disk image based on the header, which allows local guest OS administrators to read arbitrary files on the host by modifying the header to identify a different format, which is used when the guest is restarted, a different vulnerability than CVE-2008-2004 ...

References

CWE-264http://www.openwall.com/lists/oss-security/2013/04/16/2http://www.securitytracker.com/id/1028426http://lists.fedoraproject.org/pipermail/package-announce/2013-April/104036.htmlhttp://www.openwall.com/lists/oss-security/2013/04/15/3http://secunia.com/advisories/55082http://security.gentoo.org/glsa/glsa-201309-24.xmlhttp://lists.fedoraproject.org/pipermail/package-announce/2013-April/103621.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2013-April/103637.htmlhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=705544https://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2013-1922
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463CVE-2024-3400deserializationCVE-2024-21788CVE-2023-42433CVE-2024-21841CVE-2024-22095local file inclusionmemory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook