CVE-2013-4296

Name of the Vulnerable Software and Affected Versions libvirt versions 0.9.1 through 0.10.1.x libvirt versions 0.10.2.x before 0.10.2.8 libvirt versions 1.0.x before 1.0.5.6 libvirt versions 1.1.x before 1.1.2

Description The issue allows remote authenticated users to cause a denial of service via a crafted RPC call, potentially leading to a crash due to an uninitialized pointer dereference. This can result in disruption of protected information availability. The exploitation can be carried out by a remote attacker who has passed the authentication procedure.

Recommendations For libvirt versions 0.9.1 through 0.10.1.x, update to a version outside of this range to resolve the issue. For libvirt versions 0.10.2.x before 0.10.2.8, update to version 0.10.2.8 or later. For libvirt versions 1.0.x before 1.0.5.6, update to version 1.0.5.6 or later. For libvirt versions 1.1.x before 1.1.2, update to version 1.1.2 or later. As a temporary workaround, consider restricting access to the remoteDispatchDomainMemoryStats function in daemon/remote.c until a patch is available.