CVE-2012-4423 : The virNetServerProgramDispatchCall function in libvirt before 0.10.2 allows remote attackers to cause a denial of servi

The virNetServerProgramDispatchCall function in libvirt before 0.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and segmentation fault) via an RPC call with (1) an event as the RPC number or (2) an RPC number whose value is in a "gap" in the RPC dispatch table.

Published 2012-11-19 12:10:52

Updated 2023-02-13 00:26:05

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: Memory CorruptionDenial of service

Exploit prediction scoring system (EPSS) score for CVE-2012-4423

Probability of exploitation activity in the next 30 days: 13.01%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 95 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2012-4423

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:N/A:P	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial

References for CVE-2012-4423

http://rhn.redhat.com/errata/RHSA-2012-1359.html

RHSA-2012:1359 - Security Advisory - Red Hat Customer Portal
http://www.securitytracker.com/id?1027649

libvirt Flaw in virNetServerProgramDispatchCall() Lets Remote Users Deny Service - SecurityTracker
http://www.ubuntu.com/usn/USN-1708-1

USN-1708-1: libvirt vulnerabilities | Ubuntu security notices

CVEs referencing this url
http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089976.html

[SECURITY] Fedora 17 Update: libvirt-0.9.11.6-1.fc17
https://bugzilla.redhat.com/show_bug.cgi?id=857133

857133 – (CVE-2012-4423) CVE-2012-4423 libvirt: null function pointer invocation in virNetServerProgramDispatchCall()
https://www.redhat.com/archives/libvir-list/2012-September/msg00843.html

[libvirt] [PATCH] Fix libvirtd crash possibility
http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090121.html

[SECURITY] Fedora 16 Update: libvirt-0.9.6.3-1.fc16
http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=b7ff9e696063189a715802d081d55a398663c15a

libvirt.org Git
http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00001.html

[security-announce] openSUSE-SU-2013:0274-1: important: libvirt to fix u

CVEs referencing this url
http://www.securityfocus.com/bid/55541

libvirt 'virNetServerProgramDispatchCall()' Function Remote Denial Of Service Vulnerability
http://libvirt.org/git/?p=libvirt.git%3Ba=commitdiff%3Bh=f8fbeb50d52520a109d71c8566fed2ea600650ec

libvirt.org Git
http://www.openwall.com/lists/oss-security/2012/09/13/14

oss-security - Re: CVE Request -- libvirt: null function pointer invocation in virNetServerProgramDispatchCall()

Products affected by CVE-2012-4423

Redhat » Libvirt
Versions up to, including, (<=) 0.10.1
cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.8.8
cpe:2.3:a:redhat:libvirt:0.8.8:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.8.2
cpe:2.3:a:redhat:libvirt:0.8.2:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.8.1
cpe:2.3:a:redhat:libvirt:0.8.1:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.7.2
cpe:2.3:a:redhat:libvirt:0.7.2:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.7.1
cpe:2.3:a:redhat:libvirt:0.7.1:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.1.0
cpe:2.3:a:redhat:libvirt:0.1.0:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.1.1
cpe:2.3:a:redhat:libvirt:0.1.1:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.1.9
cpe:2.3:a:redhat:libvirt:0.1.9:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.2.0
cpe:2.3:a:redhat:libvirt:0.2.0:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.3.3
cpe:2.3:a:redhat:libvirt:0.3.3:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.4.0
cpe:2.3:a:redhat:libvirt:0.4.0:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.5.1
cpe:2.3:a:redhat:libvirt:0.5.1:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.6.0
cpe:2.3:a:redhat:libvirt:0.6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.8.7
cpe:2.3:a:redhat:libvirt:0.8.7:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.8.0
cpe:2.3:a:redhat:libvirt:0.8.0:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.7.7
cpe:2.3:a:redhat:libvirt:0.7.7:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.7.0
cpe:2.3:a:redhat:libvirt:0.7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.0.1
cpe:2.3:a:redhat:libvirt:0.0.1:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.1.3
cpe:2.3:a:redhat:libvirt:0.1.3:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.1.4
cpe:2.3:a:redhat:libvirt:0.1.4:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.2.1
cpe:2.3:a:redhat:libvirt:0.2.1:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.2.2
cpe:2.3:a:redhat:libvirt:0.2.2:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.4.1
cpe:2.3:a:redhat:libvirt:0.4.1:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.4.2
cpe:2.3:a:redhat:libvirt:0.4.2:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.4.3
cpe:2.3:a:redhat:libvirt:0.4.3:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.6.1
cpe:2.3:a:redhat:libvirt:0.6.1:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.6.2
cpe:2.3:a:redhat:libvirt:0.6.2:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.8.6
cpe:2.3:a:redhat:libvirt:0.8.6:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.8.5
cpe:2.3:a:redhat:libvirt:0.8.5:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.7.6
cpe:2.3:a:redhat:libvirt:0.7.6:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.7.5
cpe:2.3:a:redhat:libvirt:0.7.5:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.0.2
cpe:2.3:a:redhat:libvirt:0.0.2:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.0.3
cpe:2.3:a:redhat:libvirt:0.0.3:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.0.4
cpe:2.3:a:redhat:libvirt:0.0.4:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.1.5
cpe:2.3:a:redhat:libvirt:0.1.5:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.1.6
cpe:2.3:a:redhat:libvirt:0.1.6:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.2.3
cpe:2.3:a:redhat:libvirt:0.2.3:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.3.0
cpe:2.3:a:redhat:libvirt:0.3.0:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.4.4
cpe:2.3:a:redhat:libvirt:0.4.4:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.4.5
cpe:2.3:a:redhat:libvirt:0.4.5:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.6.3
cpe:2.3:a:redhat:libvirt:0.6.3:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.6.4
cpe:2.3:a:redhat:libvirt:0.6.4:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.8.4
cpe:2.3:a:redhat:libvirt:0.8.4:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.8.3
cpe:2.3:a:redhat:libvirt:0.8.3:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.7.4
cpe:2.3:a:redhat:libvirt:0.7.4:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.7.3
cpe:2.3:a:redhat:libvirt:0.7.3:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.0.5
cpe:2.3:a:redhat:libvirt:0.0.5:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.0.6
cpe:2.3:a:redhat:libvirt:0.0.6:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.1.7
cpe:2.3:a:redhat:libvirt:0.1.7:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.1.8
cpe:2.3:a:redhat:libvirt:0.1.8:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.3.1
cpe:2.3:a:redhat:libvirt:0.3.1:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.3.2
cpe:2.3:a:redhat:libvirt:0.3.2:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.4.6
cpe:2.3:a:redhat:libvirt:0.4.6:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.5.0
cpe:2.3:a:redhat:libvirt:0.5.0:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.6.5
cpe:2.3:a:redhat:libvirt:0.6.5:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.9.1
cpe:2.3:a:redhat:libvirt:0.9.1:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.9.0
cpe:2.3:a:redhat:libvirt:0.9.0:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.9.8
cpe:2.3:a:redhat:libvirt:0.9.8:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.9.6
cpe:2.3:a:redhat:libvirt:0.9.6:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.9.5
cpe:2.3:a:redhat:libvirt:0.9.5:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.9.7
cpe:2.3:a:redhat:libvirt:0.9.7:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.9.10
cpe:2.3:a:redhat:libvirt:0.9.10:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.9.9
cpe:2.3:a:redhat:libvirt:0.9.9:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.9.2
cpe:2.3:a:redhat:libvirt:0.9.2:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.9.4
cpe:2.3:a:redhat:libvirt:0.9.4:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.9.3
cpe:2.3:a:redhat:libvirt:0.9.3:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.9.13
cpe:2.3:a:redhat:libvirt:0.9.13:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.9.12
cpe:2.3:a:redhat:libvirt:0.9.12:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.10.0
cpe:2.3:a:redhat:libvirt:0.10.0:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.9.11
cpe:2.3:a:redhat:libvirt:0.9.11:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2012-4423

Exploit prediction scoring system (EPSS) score for CVE-2012-4423

CVSS scores for CVE-2012-4423

References for CVE-2012-4423

Products affected by CVE-2012-4423