CVE-2013-0170
Published Feb 8, 2013
Last updated 2 years ago
Overview
- Description
- Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering certain errors during an RPC connection, which causes a message to be freed without being removed from the message queue.
- Source
- secalert@redhat.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 6.8
- Impact score
- 6.4
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-416
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A421F4DD-0E89-4A02-829D-5D30A1B3FBDC",
"versionEndExcluding": "0.9.6.4",
"versionStartIncluding": "0.9.6"
},
{
"criteria": "cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2E51E774-E249-4315-A1B7-34AA7AEEFBE3",
"versionEndExcluding": "0.9.11.9",
"versionStartIncluding": "0.9.11"
},
{
"criteria": "cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "39BC56B2-6B0B-4350-9BEE-A7FAB521F624",
"versionEndExcluding": "0.10.2.3",
"versionStartIncluding": "0.10.2"
},
{
"criteria": "cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E3D62E82-8001-41CF-8455-3E1F1098B51C",
"versionEndExcluding": "1.0.2",
"versionStartIncluding": "1.0.0"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EBB2C482-D2A4-48B3-ACE7-E1DFDCC409B5"
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D806A17E-B8F9-466D-807D-3F1E77603DC8"
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "00720D8C-3FF3-4B1C-B74B-91F01A544399"
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:-:*:*",
"vulnerable": true,
"matchCriteriaId": "88D6E858-FD8F-4C55-B7D5-CEEDA2BBA898"
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5AA37837-3083-4DC7-94F4-54FD5D7CB53C"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "706C6399-CAD1-46E3-87A2-8DFE2CF497ED"
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:17:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2DA9D861-3EAF-42F5-B0B6-A4CD7BDD6188"
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E14271AE-1309-48F3-B9C6-D7DEEC488279"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:6.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8382A145-CDD9-437E-9DE7-A349956778B3"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991"
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE"
}
],
"operator": "OR"
}
]
}
]