Vulnerability Details: CVE-2013-2124
Potential exploit
Double free vulnerability in inspect-fs.c in LibguestFS 1.20.x before 1.20.7, 1.21.x, 1.22.0, and 1.23.0 allows remote attackers to cause a denial of service (crash) via empty guest files.
Vulnerability category: Memory Corruption, Denial of service
Products affected by CVE-2013-2124
- cpe:2.3:a:libguestfs:libguestfs:1.21.39:*:*:*:*:*:*:*
- cpe:2.3:a:libguestfs:libguestfs:1.21.38:*:*:*:*:*:*:*
- cpe:2.3:a:libguestfs:libguestfs:1.21.37:*:*:*:*:*:*:*
- cpe:2.3:a:libguestfs:libguestfs:1.21.30:*:*:*:*:*:*:*
- cpe:2.3:a:libguestfs:libguestfs:1.21.29:*:*:*:*:*:*:*
- cpe:2.3:a:libguestfs:libguestfs:1.21.22:*:*:*:*:*:*:*
- cpe:2.3:a:libguestfs:libguestfs:1.21.21:*:*:*:*:*:*:*
- cpe:2.3:a:libguestfs:libguestfs:1.21.13:*:*:*:*:*:*:*
- cpe:2.3:a:libguestfs:libguestfs:1.21.12:*:*:*:*:*:*:*
- cpe:2.3:a:libguestfs:libguestfs:1.21.5:*:*:*:*:*:*:*
- cpe:2.3:a:libguestfs:libguestfs:1.21.4:*:*:*:*:*:*:*
- cpe:2.3:a:libguestfs:libguestfs:1.20.1:*:*:*:*:*:*:*
- cpe:2.3:a:libguestfs:libguestfs:1.20.2:*:*:*:*:*:*:*
- cpe:2.3:a:libguestfs:libguestfs:1.21.34:*:*:*:*:*:*:*
- cpe:2.3:a:libguestfs:libguestfs:1.21.33:*:*:*:*:*:*:*
- cpe:2.3:a:libguestfs:libguestfs:1.21.26:*:*:*:*:*:*:*
- cpe:2.3:a:libguestfs:libguestfs:1.21.25:*:*:*:*:*:*:*
- cpe:2.3:a:libguestfs:libguestfs:1.21.18:*:*:*:*:*:*:*
- cpe:2.3:a:libguestfs:libguestfs:1.21.17:*:*:*:*:*:*:*
- cpe:2.3:a:libguestfs:libguestfs:1.21.9:*:*:*:*:*:*:*
- cpe:2.3:a:libguestfs:libguestfs:1.21.8:*:*:*:*:*:*:*
- cpe:2.3:a:libguestfs:libguestfs:1.21.1:*:*:*:*:*:*:*
- cpe:2.3:a:libguestfs:libguestfs:1.22.0:*:*:*:*:*:*:*
- cpe:2.3:a:libguestfs:libguestfs:1.20.5:*:*:*:*:*:*:*
- cpe:2.3:a:libguestfs:libguestfs:1.20.6:*:*:*:*:*:*:*
- cpe:2.3:a:libguestfs:libguestfs:1.21.36:*:*:*:*:*:*:*
- cpe:2.3:a:libguestfs:libguestfs:1.21.35:*:*:*:*:*:*:*
- cpe:2.3:a:libguestfs:libguestfs:1.21.28:*:*:*:*:*:*:*
- cpe:2.3:a:libguestfs:libguestfs:1.21.27:*:*:*:*:*:*:*
- cpe:2.3:a:libguestfs:libguestfs:1.21.20:*:*:*:*:*:*:*
- cpe:2.3:a:libguestfs:libguestfs:1.21.19:*:*:*:*:*:*:*
- cpe:2.3:a:libguestfs:libguestfs:1.21.11:*:*:*:*:*:*:*
- cpe:2.3:a:libguestfs:libguestfs:1.21.10:*:*:*:*:*:*:*
- cpe:2.3:a:libguestfs:libguestfs:1.21.3:*:*:*:*:*:*:*
- cpe:2.3:a:libguestfs:libguestfs:1.21.2:*:*:*:*:*:*:*
- cpe:2.3:a:libguestfs:libguestfs:1.20.3:*:*:*:*:*:*:*
- cpe:2.3:a:libguestfs:libguestfs:1.20.4:*:*:*:*:*:*:*
- cpe:2.3:a:libguestfs:libguestfs:1.21.40:*:*:*:*:*:*:*
- cpe:2.3:a:libguestfs:libguestfs:1.21.32:*:*:*:*:*:*:*
- cpe:2.3:a:libguestfs:libguestfs:1.21.31:*:*:*:*:*:*:*
- cpe:2.3:a:libguestfs:libguestfs:1.21.24:*:*:*:*:*:*:*
- cpe:2.3:a:libguestfs:libguestfs:1.21.23:*:*:*:*:*:*:*
- cpe:2.3:a:libguestfs:libguestfs:1.21.16:*:*:*:*:*:*:*
- cpe:2.3:a:libguestfs:libguestfs:1.21.15:*:*:*:*:*:*:*
- cpe:2.3:a:libguestfs:libguestfs:1.21.14:*:*:*:*:*:*:*
- cpe:2.3:a:libguestfs:libguestfs:1.21.7:*:*:*:*:*:*:*
- cpe:2.3:a:libguestfs:libguestfs:1.21.6:*:*:*:*:*:*:*
- cpe:2.3:a:libguestfs:libguestfs:1.23.0:*:*:*:*:*:*:*
- cpe:2.3:a:libguestfs:libguestfs:1.20.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-2124
- 1.20%: Probability of exploitation activity in the next 30 days
- ~77%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-2124
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P | 8.6 | 2.9 | NIST | |
References for CVE-2013-2124
- https://exchange.xforce.ibmcloud.com/vulnerabilities/85145
  libguestfs inspect-fs.c denial of service CVE-2013-2124 Vulnerability Report
- https://github.com/libguestfs/libguestfs/commit/fa6a76050d82894365dfe32916903ef7fee3ffcd
  inspection: Fix double-free when certain guest files are empty. · libguestfs/libguestfs@fa6a760 · GitHub [Exploit; Patch]
- http://osvdb.org/93724
- https://www.redhat.com/archives/libguestfs/2013-May/msg00080.html
  [Patch]
- https://www.redhat.com/archives/libguestfs/2013-May/msg00079.html
  [Libguestfs] ATTN: Denial of service attack possible on libguestfs 1.21. [Patch]
- http://www.securityfocus.com/bid/60205
  libguestfs 'inspect-fs.c' Double Free Local Denial of Service Vulnerability
- http://seclists.org/oss-sec/2013/q2/431
  oss-sec: Re: Re: CVE Request -- libguestfs (1.20.6 | 1.22.0 | 1.23.0 <= X < 1.22.1 | 1.23.1): Denial of service due to a double-free when inspecting certain guest files / images [Patch]