Red Hat · Libvirt · CVE-2013-0170
**Name of the Vulnerable Software and Affected Versions**
libvirt versions 0.9.6 through 0.9.6.3
libvirt versions 0.9.10 through 0.9.10.8
libvirt versions 0.10.2 through 0.10.2.2
libvirt versions 1.0.x through 1.0.1
**Description**
A use-after-free vulnerability in the `virNetMessageFree` function can be exploited remotely to cause a denial of service or possibly execute arbitrary code. It is triggered during an RPC connection: certain errors cause a message to be freed without being removed from the message queue, so the queue keeps a reference to memory that has already been released. Exploitation can compromise the confidentiality, integrity, and availability of protected information.
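
The condition described above, shown as an added example that is not libvirt's source: a simplified C model in which an error path releases a queued message with and without unlinking it first. All names are hypothetical, and a static pool stands in for `malloc`/`free` so the released slot can be inspected safely.

```c
/* Simplified model of the bug class; NOT libvirt source. All names are hypothetical. */
#include <stddef.h>
#include <stdio.h>

#define POOL_SIZE 4
struct msg   { int in_use; struct msg *next; };
struct queue { struct msg *head; };

/* Static pool instead of malloc/free, so a released slot can be inspected safely. */
static struct msg pool[POOL_SIZE];

static struct msg *msg_new(void) {
    for (int i = 0; i < POOL_SIZE; i++)
        if (!pool[i].in_use) { pool[i].in_use = 1; pool[i].next = NULL; return &pool[i]; }
    return NULL;
}

static void queue_push(struct queue *q, struct msg *m) { m->next = q->head; q->head = m; }

/* Unlink m from q if it is queued. */
static void queue_remove(struct queue *q, struct msg *m) {
    for (struct msg **pp = &q->head; *pp; pp = &(*pp)->next)
        if (*pp == m) { *pp = m->next; m->next = NULL; return; }
}

/* Flawed error path: releases the message but leaves it linked in the queue. */
static void msg_release_flawed(struct msg *m) { m->in_use = 0; }

/* Corrected error path: unlink first, then release. */
static void msg_release_fixed(struct queue *q, struct msg *m) { queue_remove(q, m); m->in_use = 0; }

/* Count queue entries that still point at released messages. */
static int queue_dangling(const struct queue *q) {
    int n = 0;
    for (const struct msg *m = q->head; m; m = m->next)
        if (!m->in_use) n++;
    return n;
}

/* Queue two messages, hit an error on the first, report dangling entries. */
int scenario(int use_fixed) {
    struct queue q = { NULL };
    for (int i = 0; i < POOL_SIZE; i++) pool[i].in_use = 0;
    struct msg *a = msg_new(), *b = msg_new();
    queue_push(&q, a); queue_push(&q, b);
    if (use_fixed) msg_release_fixed(&q, a); else msg_release_flawed(a);
    return queue_dangling(&q);
}

int main(void) {
    printf("flawed: %d dangling, fixed: %d dangling\n", scenario(0), scenario(1));
    return 0;
}
```

In the flawed path the queue still holds one entry pointing at a released message, which is the state any later queue traversal would dereference; the corrected path leaves none.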
**Recommendations**
For libvirt versions 0.9.6 through 0.9.6.3, update to version 0.9.6.4 or later.
For libvirt versions 0.9.10 through 0.9.10.8, update to version 0.9.10.9 or later.
For libvirt versions 0.10.2 through 0.10.2.2, update to version 0.10.2.3 or later.
For libvirt versions 1.0.x through 1.0.1, update to version 1.0.2 or later.