CVE-2011-2511

Priority
Medium
Description
Integer overflow in libvirt before 0.9.3 allows remote authenticated users
to cause a denial of service (libvirtd crash) and possibly execute
arbitrary code via a crafted virDomainGetVcpus RPC call that triggers
memory corruption.
References
Bugs
Notes
 jdstrand> DoS is confirmed by a remote authenticated user
 jdstrand> 89d994ad6b0e8ebe9a2cd4e0e37119ff4c917550 (gnulib) may not actually
  be required to fix in stable releases.
 jdstrand> fixed in 0.8.3-5+squeeze2
Assigned-to
jdstrand
Package
Upstream:released (0.9.3, 0.9.2-7)
Patches:
Upstream:https://www.redhat.com/archives/libvir-list/2011-June/msg01278.html
Upstream:774b21c163845170c9ffa873f5720d318812eaf6
Upstream:89d994ad6b0e8ebe9a2cd4e0e37119ff4c917550
Vendor:https://rhn.redhat.com/errata/RHSA-2011-1019.html
More Information


Updated: 2015-07-29 20:39:47 UTC (commit 9756)