CVE Vulnerabilities

CVE-2013-0170

Use After Free

Published: Feb 08, 2013 | Modified: Apr 11, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6.8 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
RedHat/V2
6.8 IMPORTANT
AV:A/AC:H/Au:N/C:C/I:C/A:C
RedHat/V3
Ubuntu
MEDIUM

Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering certain errors during an RPC connection, which causes a message to be freed without being removed from the message queue.

Weakness

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory “belongs” to the code that operates on the new pointer.

Affected Software

Name Vendor Start Version End Version
Libvirt Redhat 0.9.6 (including) 0.9.6.4 (excluding)
Libvirt Redhat 0.9.11 (including) 0.9.11.9 (excluding)
Libvirt Redhat 0.10.2 (including) 0.10.2.3 (excluding)
Libvirt Redhat 1.0.0 (including) 1.0.2 (excluding)
Red Hat Enterprise Linux 6 RedHat libvirt-0:0.9.10-21.el6_3.8 *
Libvirt Ubuntu devel *
Libvirt Ubuntu hardy *
Libvirt Ubuntu precise *
Libvirt Ubuntu quantal *

Potential Mitigations

References