CVE-2012-3445

Name of the Vulnerable Software and Affected Versions libvirt version 0.9.13

Description The issue is related to the virTypedParameterArrayClear function in libvirt, which does not properly handle virDomain* API calls with typed parameters. This might allow remote authenticated users to cause a denial of service, resulting in a libvirtd crash. The crash can be triggered via an RPC command with nparams set to zero, leading to an out-of-bounds read or a free of an invalid pointer.

Recommendations For libvirt version 0.9.13, consider disabling the virTypedParameterArrayClear function as a temporary workaround until a patch is available. Restrict access to the virDomain* API calls to minimize the risk of exploitation. Avoid using RPC commands with nparams set to zero in the affected API endpoint until the issue is resolved.