Vulnerability Details : CVE-2013-4292
libvirt 1.1.0 and 1.1.1 allows local users to cause a denial of service (memory consumption) via a large number of domain migrate parameters in certain RPC calls in (1) daemon/remote.c and (2) remote/remote_driver.c.
Vulnerability category: Denial of service
Products affected by CVE-2013-4292
- cpe:2.3:a:redhat:libvirt:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:1.1.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-4292
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 6 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-4292
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.1
|
LOW | AV:L/AC:L/Au:N/C:N/I:N/A:P |
3.9
|
2.9
|
NIST |
CWE ids for CVE-2013-4292
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-4292
-
http://security.gentoo.org/glsa/glsa-201412-04.xml
libvirt: Multiple vulnerabilities (GLSA 201412-04) — Gentoo security
-
http://www.mail-archive.com/libvir-list%40redhat.com/msg83332.html
[libvirt] [PATCH 01/12] Add bounds checking on virDomainMigrate*Params RPC calls (CVE-2013-4292)
-
http://libvirt.org/news.html
libvirt: Releases
Jump to