Vulnerability Details : CVE-2013-4296
The remoteDispatchDomainMemoryStats function in daemon/remote.c in libvirt 0.9.1 through 0.10.1.x, 0.10.2.x before 0.10.2.8, 1.0.x before 1.0.5.6, and 1.1.x before 1.1.2 allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via a crafted RPC call.
Vulnerability category: OverflowDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2013-4296
Probability of exploitation activity in the next 30 days: 1.03%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 82 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2013-4296
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.0
|
MEDIUM | AV:N/AC:L/Au:S/C:N/I:N/A:P |
8.0
|
2.9
|
NIST |
CWE ids for CVE-2013-4296
-
The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-4296
-
http://lists.opensuse.org/opensuse-updates/2013-10/msg00024.html
openSUSE-SU-2013:1550-1: moderate: libvirt: security and bugfix update
-
http://www.ubuntu.com/usn/USN-1954-1
USN-1954-1: libvirt vulnerabilities | Ubuntu security noticesVendor Advisory
-
http://wiki.libvirt.org/page/Maintenance_Releases
Maintenance Releases - Libvirt WikiPatch
-
http://lists.opensuse.org/opensuse-updates/2013-10/msg00023.html
openSUSE-SU-2013:1549-1: moderate: libvirt: fixed security bugs
-
http://security.gentoo.org/glsa/glsa-201412-04.xml
libvirt: Multiple vulnerabilities (GLSA 201412-04) — Gentoo security
-
http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=e7f400a110e2e3673b96518170bfea0855dd82c0
libvirt.org Git
-
http://www.debian.org/security/2013/dsa-2764
Debian -- Security Information -- DSA-2764-1 libvirt
-
http://rhn.redhat.com/errata/RHSA-2013-1272.html
RHSA-2013:1272 - Security Advisory - Red Hat Customer PortalVendor Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=1006173
1006173 – (CVE-2013-4296) CVE-2013-4296 libvirt: invalid free in remoteDispatchDomainMemoryStatsPatch
-
http://rhn.redhat.com/errata/RHSA-2013-1460.html
RHSA-2013:1460 - Security Advisory - Red Hat Customer Portal
Products affected by CVE-2013-4296
- cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.9.8:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.9.6:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.9.5:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.9.7:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.9.10:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.9.9:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.9.2:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.9.4:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.9.3:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.9.13:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.9.12:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.10.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.9.11:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.10.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.10.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.10.2:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.10.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:1.0.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.10.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.10.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.10.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:1.0.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:1.0.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.10.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.10.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:1.0.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:1.0.5.1:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*