CVE-2012-3445

libvirt: crash in virTypedParameterArrayClear

Severity Score

6.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The virTypedParameterArrayClear function in libvirt 0.9.13 does not properly handle virDomain* API calls with typed parameters, which might allow remote authenticated users to cause a denial of service (libvirtd crash) via an RPC command with nparams set to zero, which triggers an out-of-bounds read or a free of an invalid pointer.

La función de virTypedParameterArrayClear en libvirt v0.9.13 no maneja adecuadamente virDomain* llamadas a la API con los parámetros tipo, permitiendo a usuarios remotos autenticados provocar una denegación de servicio (caída libvirtd) a través de un comando RPC con nparams puestos a cero, lo que desencadena una salida de la cancha de lectura o un libre de un puntero no válido.

The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. A flaw was found in libvirtd's RPC call handling. An attacker able to establish a read-only connection to libvirtd could trigger this flaw with a specially-crafted RPC command that has the number of parameters set to 0, causing libvirtd to access invalid memory and crash.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Medium

Authentication

Single

Confidentiality

None

Integrity

None

Availability

Partial

Attack Vector

Adjacent

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2012-06-14 CVE Reserved
2012-08-07 CVE Published
2024-08-06 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-399: Resource Management Errors

CAPEC

References (11)

URL	Tag	Source
http://secunia.com/advisories/50299	Third Party Advisory
http://secunia.com/advisories/50372	Third Party Advisory
http://www.openwall.com/lists/oss-security/2012/07/31/4	Mailing List
http://www.openwall.com/lists/oss-security/2012/07/31/7	Mailing List
http://www.securityfocus.com/bid/54748	Vdb Entry
https://www.redhat.com/archives/libvir-list/2012-July/msg01650.html	Mailing List

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://lists.opensuse.org/opensuse-updates/2012-08/msg00023.html	2013-03-22
http://rhn.redhat.com/errata/RHSA-2012-1202.html	2013-03-22
http://secunia.com/advisories/50118	2013-03-22
https://bugzilla.redhat.com/show_bug.cgi?id=844734	2012-08-23
https://access.redhat.com/security/cve/CVE-2012-3445	2012-08-23

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Redhat Search vendor "Redhat"		Libvirt Search vendor "Redhat" for product "Libvirt"				0.9.13 Search vendor "Redhat" for product "Libvirt" and version "0.9.13"		-		Affected