Vulnerability Details: CVE-2013-4239
The xenDaemonListDefinedDomains function in xen/xend_internal.c in libvirt 1.1.1 allows remote authenticated users to cause a denial of service (memory corruption and crash) via vectors involving the virConnectListDefinedDomains API function.
Vulnerability category: Overflow, Memory Corruption, Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2013-4239
Probability of exploitation activity in the next 30 days: 0.39%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 70 %
CVSS scores for CVE-2013-4239
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:N/A:P | 8.0 | 2.9 | NIST |
CWE ids for CVE-2013-4239
- The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-4239
- https://bugzilla.redhat.com/show_bug.cgi?id=996241
  996241 – (CVE-2013-4239) CVE-2013-4239 libvirt: memory corruption in xenDaemonListDefinedDomains function [Exploit; Patch]
- http://libvirt.org/news.html
  libvirt: Releases
- http://libvirt.org/git/?p=libvirt.git%3Ba=commitdiff%3Bh=0e671a16
  libvirt.org Git
- http://www.openwall.com/lists/oss-security/2013/08/12/12
  oss-security - Re: CVE Request -- libvirt: memory corruption in xenDaemonListDefinedDomains function [Exploit; Patch]
Products affected by CVE-2013-4239
- cpe:2.3:a:redhat:libvirt:1.1.1:*:*:*:*:*:*:*