Red Hat · Libvirt · CVE-2013-4399
**Name of the Vulnerable Software and Affected Versions**
libvirt versions prior to 1.1.3
**Description**
The issue is related to the remoteClientFreeFunc function in daemon/remote.c. When ACLs are used, this function does not set an identity. As a result, event handler removal is denied, and remote attackers can cause a denial of service by registering an event handler and then closing the connection, leading to a use-after-free and crash.
**Recommendations**
For versions prior to 1.1.3, update to version 1.1.3 or later to resolve the issue.