PT-2014-2782 · Red Hat+1 · Libvirt+1

Zhenfang Wang · Published 2013-11-06 · Updated 2024-06-15 · CVE-2013-4399

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

libvirt versions prior to 1.1.3

Description

The issue is in the remoteClientFreeFunc function in daemon/remote.c. When ACLs are used, this function does not set an identity. As a result, event handler removal is denied, and remote attackers can cause a denial of service by registering an event handler and then closing the connection, leading to a use-after-free and crash.

Recommendations

For versions prior to 1.1.3, update to version 1.1.3 or later to resolve the issue.


Related identifiers

ALT-PU-2013-1059
CVE-2013-4399
OPENSUSE-SU-2024:10209-1

Affected products

Alt Linux
Libvirt