CVE-2013-4153
Severity CVSS v4.0:
Pending analysis
Type:
CWE-399
Resource Management Errors
Publication date:
30/09/2013
Last modified:
11/04/2025
Description
Double free vulnerability in the qemuAgentGetVCPUs function in qemu/qemu_agent.c in libvirt 1.0.6 through 1.1.0 allows remote attackers to cause a denial of service (daemon crash) via a cpu count request, as demonstrated by the "virsh vcpucount dom --guest" command.
Impact
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:redhat:libvirt:1.0.6:*:*:*:*:*:*:* | ||
| cpe:2.3:a:redhat:libvirt:1.1.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://libvirt.org/git/?p=libvirt.git%3Ba%3Dcommitdiff%3Bh%3Ddfc692350a04a70b4ca65667c30869b3bfdaf034
- http://libvirt.org/news.html
- http://openwall.com/lists/oss-security/2013/07/19/11
- https://bugzilla.redhat.com/show_bug.cgi?id=984821
- https://bugzilla.redhat.com/show_bug.cgi?id=986383
- http://libvirt.org/git/?p=libvirt.git%3Ba%3Dcommitdiff%3Bh%3Ddfc692350a04a70b4ca65667c30869b3bfdaf034
- http://libvirt.org/news.html
- http://openwall.com/lists/oss-security/2013/07/19/11
- https://bugzilla.redhat.com/show_bug.cgi?id=984821
- https://bugzilla.redhat.com/show_bug.cgi?id=986383