PT-2012-6366 · Red Hat+2 · Libvirt+3
Petr Matousek +1 · Published 1970-01-01 · Updated 2024-06-15 · CVE-2013-0170
CVSS v2.0: 9.3 High
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
libvirt versions 0.9.6 through 0.9.6.3
libvirt versions 0.9.10 through 0.9.10.8
libvirt versions 0.10.2 through 0.10.2.2
libvirt versions 1.0.x through 1.0.1
Description
The issue is related to a use-after-free vulnerability in the virNetMessageFree function, which can be exploited remotely to cause a denial of service or possibly execute arbitrary code. This vulnerability can lead to a disruption of confidentiality, integrity, and availability of protected information. The exploitation can be carried out during an RPC connection by triggering certain errors, causing a message to be freed without being removed from the message queue.
Recommendations
For libvirt versions 0.9.6 through 0.9.6.3, update to version 0.9.6.4 or later.
For libvirt versions 0.9.10 through 0.9.10.8, update to version 0.9.10.9 or later.
For libvirt versions 0.10.2 through 0.10.2.2, update to version 0.10.2.3 or later.
For libvirt versions 1.0.x through 1.0.1, update to version 1.0.2 or later.
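The condition named in the Description, a message freed while it is still on the message queue, modelled as an added example that is not libvirt's code: the types, the static pool standing in for the heap, and every function name are hypothetical. It contrasts a free routine that leaves the message linked with one that unlinks it first, and counts queue entries that point at released messages.

```c
#include <stddef.h>
#include <stdio.h>
#define POOL 4
/* Hypothetical message and queue types; not libvirt's structures. */
typedef struct msg { struct msg *next; int live; } msg_t;
typedef struct { msg_t *head; } queue_t;

/* Static slots stand in for the heap so a released message stays inspectable. */
static msg_t pool[POOL];

static msg_t *msg_new(void) {
    for (int i = 0; i < POOL; i++)
        if (!pool[i].live) { pool[i].live = 1; pool[i].next = NULL; return &pool[i]; }
    return NULL;
}

static void queue_push(queue_t *q, msg_t *m) { m->next = q->head; q->head = m; }
static void queue_unlink(queue_t *q, msg_t *m) {
    for (msg_t **pp = &q->head; *pp; pp = &(*pp)->next)
        if (*pp == m) { *pp = m->next; m->next = NULL; return; }
}

/* Flawed error path: releases the message but leaves it linked. */
static void msg_free_buggy(queue_t *q, msg_t *m) { (void)q; m->live = 0; }
/* Corrected error path: unlink from the queue, then release. */
static void msg_free_fixed(queue_t *q, msg_t *m) { queue_unlink(q, m); m->live = 0; }

/* Invariant check: number of queue entries that point at released messages. */
static int queue_dangling(const queue_t *q) {
    int n = 0;
    for (const msg_t *m = q->head; m; m = m->next) n += !m->live;
    return n;
}

/* Queue two messages, release one through free_fn, report dangling entries. */
static int run_error_path(void (*free_fn)(queue_t *, msg_t *)) {
    queue_t q = { NULL };
    for (int i = 0; i < POOL; i++) pool[i].live = 0;   /* reset the pool */
    msg_t *a = msg_new(), *b = msg_new();
    queue_push(&q, a); queue_push(&q, b);
    free_fn(&q, a);            /* simulated error while a is still queued */
    return queue_dangling(&q);
}

int main(void) {
    printf("buggy: %d dangling, fixed: %d dangling\n",
           run_error_path(msg_free_buggy), run_error_path(msg_free_fixed));
    return 0;
}
```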
Fix
DoS
Use After Free
Weakness Enumeration
Related Identifiers
Affected Products
Centos
Red Hat
Suse
Libvirt