PT-2011-1133 · Libvirt+1 · Libvirt+1

Petr Matousek

Published

2011-07-21

Updated

2024-06-15

CVE-2011-2511

CVSS v2.0

4.0

Medium

Vector

AV:N/AC:L/Au:S/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions libvirt versions prior to 0.9.3

Description The issue is caused by an integer overflow in libvirt, allowing remote authenticated users to cause a denial of service and possibly execute arbitrary code via a crafted VirDomainGetVcpus RPC call that triggers memory corruption. This can lead to a disruption in the availability of protected information. The exploitation can be carried out remotely by an attacker who has passed the authentication procedure.

Recommendations For versions prior to 0.9.3, update to version 0.9.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the VirDomainGetVcpus RPC call to minimize the risk of exploitation.

Fix

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-189

Related Identifiers

BDU:2015-07039

BDU:2015-07040

BDU:2015-07041

BDU:2015-07042

BDU:2015-07043

CVE-2011-2511

DSA-2280-1

OPENSUSE-SU-2024:10209-1

RHSA-2011:1019

RHSA-2011:1197

RHSA-2011_1019

RHSA-2011_1197

Affected Products

Red Hat

Libvirt

PT-2011-1133 · Libvirt+1 · Libvirt+1

CVE-2011-2511

Weakness Enumeration

Related Identifiers

Affected Products

References · 62