Published: 30/09/2013 Updated: 13/02/2023

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Double free vulnerability in the qemuAgentGetVCPUs function in qemu/qemu_agent.c in libvirt 1.0.6 up to and including 1.1.0 allows remote malicious users to cause a denial of service (daemon crash) via a cpu count request, as demonstrated by the "virsh vcpucount dom --guest" command.

Vulnerable Product	Search on Vulmon	Subscribe to Product
redhat libvirt 1.0.6
redhat libvirt 1.1.0

Debian Bug report logs - #717355 libvirt: CVE-2013-4154: crash of libvirtd without guest agent configuration Package: libvirt; Maintainer for libvirt is Debian Libvirt Maintainers <pkg-libvirt-maintainers@listsaliothdebianorg>; Reported by: Henri Salo <henri@nervfi> Date: Fri, 19 Jul 2013 17:51:06 UTC Severity: i ...

Debian Bug report logs - #717354 libvirt: CVE-2013-4153: double free of returned JSON array in qemuAgentGetVCPUs() Package: libvirt; Maintainer for libvirt is Debian Libvirt Maintainers <pkg-libvirt-maintainers@listsaliothdebianorg>; Reported by: Henri Salo <henri@nervfi> Date: Fri, 19 Jul 2013 17:51:01 UTC Sever ...

Double free vulnerability in the qemuAgentGetVCPUs function in qemu/qemu_agentc in libvirt 106 through 110 allows remote attackers to cause a denial of service (daemon crash) via a cpu count request, as demonstrated by the "virsh vcpucount dom --guest" command ...

CWE-399 https://bugzilla.redhat.com/show_bug.cgi?id=984821 http://libvirt.org/news.html https://bugzilla.redhat.com/show_bug.cgi?id=986383 http://openwall.com/lists/oss-security/2013/07/19/11 http://libvirt.org/git/?p=libvirt.git%3Ba=commitdiff%3Bh=dfc692350a04a70b4ca65667c30869b3bfdaf034 https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717355 https://access.redhat.com/security/cve/cve-2013-4153

CVE-2013-4153

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect