QwikSec

Security Database

CVE

CWE

Training

CVE-2013-4154

Published: Sep 30, 2013

Modified: Aug 6, 2024

PUBLISHED

Description

The qemuAgentCommand function in libvirt before 1.1.1, when a guest agent is not configured, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to "agent based cpu (un)plug," as demonstrated by the "virsh vcpucount foobar --guest" command.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://libvirt.org/git/?p=libvirt.git%3Ba=commitdiff%3Bh=96518d4316b711c72205117f8d5c967d5127bbb6

x_refsource_CONFIRM

http://libvirt.org/news.html

x_refsource_CONFIRM

https://bugzilla.redhat.com/show_bug.cgi?id=984821

x_refsource_CONFIRM

https://bugzilla.redhat.com/show_bug.cgi?id=986386

x_refsource_CONFIRM

[oss-security] 20130719 Re: CVE request -- libvirt: crash of libvirtd without guest agent configuration

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.