CVE-2013-4292

Name of the Vulnerable Software and Affected Versions libvirt versions 1.1.0 through 1.1.1

Description The issue allows local users to cause a denial of service, specifically memory consumption, by providing a large number of domain migrate parameters in certain RPC calls. This is related to the files daemon/remote.c and remote/remote driver.c.

Recommendations For libvirt versions 1.1.0 and 1.1.1, consider restricting the number of domain migrate parameters allowed in RPC calls as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.