Computer Security
[EN] securityvulns.ru no-pyccku


libvirt DoS vulnerabilities
Published:04.02.2013
Source:
SecurityVulns ID:12862
Type:library
Threat Level:
5/10
Description:Few DoS conditions.
Affected:LIBVIRT : libvirt 0.10
CVE:CVE-2013-0170 (Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering certain errors during an RPC connection, which causes a message to be freed without being removed from the message queue.)
 CVE-2012-4423 (The virNetServerProgramDispatchCall function in libvirt before 0.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and segmentation fault) via an RPC call with (1) an event as the RPC number or (2) an RPC number whose value is in a "gap" in the RPC dispatch table.)
Original documentdocumentUBUNTU, [USN-1708-1] libvirt vulnerabilities (04.02.2013)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod