CVE-2013-4296
libvirt: invalid free in remoteDispatchDomainMemoryStats
Severity Score
6.5
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The remoteDispatchDomainMemoryStats function in daemon/remote.c in libvirt 0.9.1 through 0.10.1.x, 0.10.2.x before 0.10.2.8, 1.0.x before 1.0.5.6, and 1.1.x before 1.1.2 allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via a crafted RPC call.
La funcion remoteDispatchDomainMemoryStats en daemon/remote.c de libvirt 0.9.1 hasta 0.10.1.x, 0.10.2.x anterior a 0.10.2.8, 1.0.x anterior a 1.0.5.6, y 1.1.x anterior 1.1.2 permite a usuarios remotos autenticados (deferencia y caida del proceso) a través de un llamada RPC manipulada
The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. libvirt invokes the PolicyKit pkcheck utility to handle authorization. A race condition was found in the way libvirt used this utility, allowing a local user to bypass intended PolicyKit authorizations or execute arbitrary commands with root privileges. Note: With this update, libvirt has been rebuilt to communicate with PolicyKit via a different API that is not vulnerable to the race condition. The polkit RHSA-2013:1270 advisory must also be installed to fix the CVE-2013-4311 issue.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2013-06-12 CVE Reserved
- 2013-09-18 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (12)
| URL | Tag | Source |
|---|---|---|
| http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=e7f400a110e2e3673b96518170bfea0855dd82c0 | X_refsource_confirm | |
| http://secunia.com/advisories/60895 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://wiki.libvirt.org/page/Maintenance_Releases | 2023-02-13 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1006173 | 2013-09-19 |
| URL | Date | SRC |
|---|---|---|
| http://lists.opensuse.org/opensuse-updates/2013-10/msg00023.html | 2023-02-13 | |
| http://lists.opensuse.org/opensuse-updates/2013-10/msg00024.html | 2023-02-13 | |
| http://rhn.redhat.com/errata/RHSA-2013-1272.html | 2023-02-13 | |
| http://rhn.redhat.com/errata/RHSA-2013-1460.html | 2023-02-13 | |
| http://security.gentoo.org/glsa/glsa-201412-04.xml | 2023-02-13 | |
| http://www.debian.org/security/2013/dsa-2764 | 2023-02-13 | |
| http://www.ubuntu.com/usn/USN-1954-1 | 2023-02-13 | |
| https://access.redhat.com/security/cve/CVE-2013-4296 | 2013-09-19 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Redhat Search vendor "Redhat" | Libvirt Search vendor "Redhat" for product "Libvirt" | 0.9.1 Search vendor "Redhat" for product "Libvirt" and version "0.9.1" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Libvirt Search vendor "Redhat" for product "Libvirt" | 0.9.2 Search vendor "Redhat" for product "Libvirt" and version "0.9.2" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Libvirt Search vendor "Redhat" for product "Libvirt" | 0.9.3 Search vendor "Redhat" for product "Libvirt" and version "0.9.3" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Libvirt Search vendor "Redhat" for product "Libvirt" | 0.9.4 Search vendor "Redhat" for product "Libvirt" and version "0.9.4" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Libvirt Search vendor "Redhat" for product "Libvirt" | 0.9.5 Search vendor "Redhat" for product "Libvirt" and version "0.9.5" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Libvirt Search vendor "Redhat" for product "Libvirt" | 0.9.6 Search vendor "Redhat" for product "Libvirt" and version "0.9.6" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Libvirt Search vendor "Redhat" for product "Libvirt" | 0.9.7 Search vendor "Redhat" for product "Libvirt" and version "0.9.7" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Libvirt Search vendor "Redhat" for product "Libvirt" | 0.9.8 Search vendor "Redhat" for product "Libvirt" and version "0.9.8" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Libvirt Search vendor "Redhat" for product "Libvirt" | 0.9.9 Search vendor "Redhat" for product "Libvirt" and version "0.9.9" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Libvirt Search vendor "Redhat" for product "Libvirt" | 0.9.10 Search vendor "Redhat" for product "Libvirt" and version "0.9.10" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Libvirt Search vendor "Redhat" for product "Libvirt" | 0.9.11 Search vendor "Redhat" for product "Libvirt" and version "0.9.11" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Libvirt Search vendor "Redhat" for product "Libvirt" | 0.9.12 Search vendor "Redhat" for product "Libvirt" and version "0.9.12" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Libvirt Search vendor "Redhat" for product "Libvirt" | 0.9.13 Search vendor "Redhat" for product "Libvirt" and version "0.9.13" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Libvirt Search vendor "Redhat" for product "Libvirt" | 0.10.0 Search vendor "Redhat" for product "Libvirt" and version "0.10.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Libvirt Search vendor "Redhat" for product "Libvirt" | 0.10.1 Search vendor "Redhat" for product "Libvirt" and version "0.10.1" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Libvirt Search vendor "Redhat" for product "Libvirt" | 0.10.2 Search vendor "Redhat" for product "Libvirt" and version "0.10.2" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Libvirt Search vendor "Redhat" for product "Libvirt" | 0.10.2.1 Search vendor "Redhat" for product "Libvirt" and version "0.10.2.1" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Libvirt Search vendor "Redhat" for product "Libvirt" | 0.10.2.2 Search vendor "Redhat" for product "Libvirt" and version "0.10.2.2" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Libvirt Search vendor "Redhat" for product "Libvirt" | 0.10.2.3 Search vendor "Redhat" for product "Libvirt" and version "0.10.2.3" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Libvirt Search vendor "Redhat" for product "Libvirt" | 0.10.2.4 Search vendor "Redhat" for product "Libvirt" and version "0.10.2.4" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Libvirt Search vendor "Redhat" for product "Libvirt" | 0.10.2.5 Search vendor "Redhat" for product "Libvirt" and version "0.10.2.5" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Libvirt Search vendor "Redhat" for product "Libvirt" | 0.10.2.6 Search vendor "Redhat" for product "Libvirt" and version "0.10.2.6" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Libvirt Search vendor "Redhat" for product "Libvirt" | 0.10.2.7 Search vendor "Redhat" for product "Libvirt" and version "0.10.2.7" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Libvirt Search vendor "Redhat" for product "Libvirt" | 1.0.5.1 Search vendor "Redhat" for product "Libvirt" and version "1.0.5.1" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Libvirt Search vendor "Redhat" for product "Libvirt" | 1.0.5.2 Search vendor "Redhat" for product "Libvirt" and version "1.0.5.2" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Libvirt Search vendor "Redhat" for product "Libvirt" | 1.0.5.3 Search vendor "Redhat" for product "Libvirt" and version "1.0.5.3" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Libvirt Search vendor "Redhat" for product "Libvirt" | 1.0.5.4 Search vendor "Redhat" for product "Libvirt" and version "1.0.5.4" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Libvirt Search vendor "Redhat" for product "Libvirt" | 1.0.5.5 Search vendor "Redhat" for product "Libvirt" and version "1.0.5.5" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Libvirt Search vendor "Redhat" for product "Libvirt" | 1.1.0 Search vendor "Redhat" for product "Libvirt" and version "1.1.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Libvirt Search vendor "Redhat" for product "Libvirt" | 1.1.1 Search vendor "Redhat" for product "Libvirt" and version "1.1.1" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 10.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "10.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 12.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "12.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 12.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "12.10" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 13.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "13.04" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 6.0 Search vendor "Redhat" for product "Enterprise Linux" and version "6.0" | - |
Affected
| ||||||