#VU42521 Buffer overflow in libvirt - CVE-2013-4297

Cybersecurity Help s.r.o.

Published: 2013-10-01 | Updated: 2020-08-10

Vulnerability identifier: #VU42521

Vulnerability risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2013-4297

CWE-ID: CWE-119

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
libvirt
Universal components / Libraries / Libraries used by multiple products

Vendor: libvirt.org

Description

The vulnerability allows a remote #AU# to perform service disruption.

The virFileNBDDeviceAssociate function in util/virfile.c in libvirt 1.1.2 and earlier allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via unspecified vectors.

Mitigation
Install update from vendor's website.

Vulnerable software versions

libvirt: 0.0.1 - 1.1.1

External links
https://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=2dba0323ff0cec31bdcea9dd3b2428af297401f2
https://secunia.com/advisories/60895
https://security.gentoo.org/glsa/glsa-201412-04.xml
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4297

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in libvirt