Published: 30/09/2013 Updated: 13/02/2023

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 505

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Double free vulnerability in the virConnectListAllInterfaces method in interface/interface_backend_netcf.c in libvirt 1.0.6 allows remote malicious users to cause a denial of service (libvirtd crash) via a filtering flag that causes an interface to be skipped, as demonstrated by the "virsh iface-list --inactive" command.

Vulnerable Product	Search on Vulmon	Subscribe to Product
redhat libvirt 1.0.6

Debian Bug report logs - #714699 libvirt: CVE-2013-2218: crash when listing network interfaces with filters Package: libvirt; Maintainer for libvirt is Debian Libvirt Maintainers <pkg-libvirt-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 1 Jul 2013 20:45:01 UTC ...

Double free vulnerability in the virConnectListAllInterfaces method in interface/interface_backend_netcfc in libvirt 106 allows remote attackers to cause a denial of service (libvirtd crash) via a filtering flag that causes an interface to be skipped, as demonstrated by the "virsh iface-list --inactive" command ...

source: wwwsecurityfocuscom/bid/60876/info libvirt is prone to a denial-of-service vulnerability Attackers can exploit this issue to crash the application that uses the affected library, denying service to legitimate users # virsh -c qemu:///system --readonly iface-list --inactive ...

CWE-399 http://www.openwall.com/lists/oss-security/2013/07/01/6 https://bugzilla.redhat.com/show_bug.cgi?id=980112 http://libvirt.org/news.html http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=244e0b8cf15ca2ef48d82058e728656e6c4bad11 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=714699 https://nvd.nist.gov https://www.exploit-db.com/exploits/38622/https://access.redhat.com/security/cve/cve-2013-2218

CVE-2013-2218

Vulnerability Summary

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect