Описание
The virTypedParameterArrayClear function in libvirt 0.9.13 does not properly handle virDomain* API calls with typed parameters, which might allow remote authenticated users to cause a denial of service (libvirtd crash) via an RPC command with nparams set to zero, which triggers an out-of-bounds read or a free of an invalid pointer.
Отчет
The versions of libvirt as shipped with Red Hat Enterprise Linux 5 are not affected. Future libvirt updates for Red Hat Enterprise Linux 6 may address this flaw.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | libvirt | Not affected | ||
| Red Hat Enterprise Linux 6 | libvirt | Fixed | RHSA-2012:1202 | 23.08.2012 |
Показывать по
Дополнительная информация
Статус:
3.3 Low
CVSS2
Связанные уязвимости
The virTypedParameterArrayClear function in libvirt 0.9.13 does not properly handle virDomain* API calls with typed parameters, which might allow remote authenticated users to cause a denial of service (libvirtd crash) via an RPC command with nparams set to zero, which triggers an out-of-bounds read or a free of an invalid pointer.
The virTypedParameterArrayClear function in libvirt 0.9.13 does not properly handle virDomain* API calls with typed parameters, which might allow remote authenticated users to cause a denial of service (libvirtd crash) via an RPC command with nparams set to zero, which triggers an out-of-bounds read or a free of an invalid pointer.
The virTypedParameterArrayClear function in libvirt 0.9.13 does not pr ...
The virTypedParameterArrayClear function in libvirt 0.9.13 does not properly handle virDomain* API calls with typed parameters, which might allow remote authenticated users to cause a denial of service (libvirtd crash) via an RPC command with nparams set to zero, which triggers an out-of-bounds read or a free of an invalid pointer.
ELSA-2012-1202: libvirt security and bug fix update (MODERATE)
3.3 Low
CVSS2