Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 3.5
CVE Id: CVE-2012-3445
Last Modified: 21 Mar 2013 11:11:32
Published: 07 Aug 2012 05:55:02
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE_INSTANCE

CVE-2012-3445

Summary

The virTypedParameterArrayClear function in libvirt 0.9.13 does not properly handle virDomain* API calls with typed parameters, which might allow remote authenticated users to cause a denial of service (libvirtd crash) via an RPC command with nparams set to zero, which triggers an out-of-bounds read or a free of an invalid pointer.

Vulnerable Systems

Application

  • Redhat Libvirt 0.9.13


References

MLIST - [libvirt] 20120730 [PATCH] daemon: Fix crash in virTypedParameterArrayClear

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=844734

BID - 54748

MLIST - [oss-security] 20120731 Re: CVE Request -- libvirt: crash in virTypedParameterArrayClear

MLIST - [oss-security] 20120731 CVE Request -- libvirt: crash in virTypedParameterArrayClear

SECUNIA - 50118

REDHAT - RHSA-2012:1202

SUSE - openSUSE-SU-2012:0991

SECUNIA - 50372

SECUNIA - 50299


Last Updated: 27 May 2016 10:55:02