Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2013-0170

Опубликовано: 28 янв. 2013
Источник: redhat
CVSS2: 6.8
EPSS Средний

Описание

Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering certain errors during an RPC connection, which causes a message to be freed without being removed from the message queue.

Отчет

Not vulnerable. This issue did not affect the versions of libvirt as shipped with Red Hat Enterprise Linux 5.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5libvirtNot affected
Red Hat Enterprise Linux 6libvirtFixedRHSA-2013:019928.01.2013

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-416
https://bugzilla.redhat.com/show_bug.cgi?id=893450libvirt: use-after-free in virNetMessageFree()

EPSS

Процентиль: 95%
0.2022
Средний

6.8 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2013-0170

ubuntu
почти 13 лет назад

Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering certain errors during an RPC connection, which causes a message to be freed without being removed from the message queue.

nvd логотип

CVE-2013-0170

nvd
почти 13 лет назад

Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering certain errors during an RPC connection, which causes a message to be freed without being removed from the message queue.

debian логотип

CVE-2013-0170

debian
почти 13 лет назад

Use-after-free vulnerability in the virNetMessageFree function in rpc/ ...

github логотип

GHSA-rhxc-pp54-8x28

github
больше 3 лет назад

Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering certain errors during an RPC connection, which causes a message to be freed without being removed from the message queue.

oracle-oval логотип

ELSA-2013-0199

oracle-oval
почти 13 лет назад

ELSA-2013-0199: libvirt security update (IMPORTANT)

EPSS

Процентиль: 95%
0.2022
Средний

6.8 Medium

CVSS2