QwikSec

Security Database

CVE

CWE

Training

CVE-2013-4153

Published: Sep 30, 2013

Modified: Aug 6, 2024

PUBLISHED

Description

Double free vulnerability in the qemuAgentGetVCPUs function in qemu/qemu_agent.c in libvirt 1.0.6 through 1.1.0 allows remote attackers to cause a denial of service (daemon crash) via a cpu count request, as demonstrated by the "virsh vcpucount dom --guest" command.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://libvirt.org/news.html

x_refsource_CONFIRM

https://bugzilla.redhat.com/show_bug.cgi?id=984821

x_refsource_CONFIRM

http://libvirt.org/git/?p=libvirt.git%3Ba=commitdiff%3Bh=dfc692350a04a70b4ca65667c30869b3bfdaf034

x_refsource_CONFIRM

https://bugzilla.redhat.com/show_bug.cgi?id=986383

x_refsource_CONFIRM

[oss-security] 20130719 Re: CVE request -- libvirt: double free of returned JSON array in qemuAgentGetVCPUs()

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.