CVE-2012-3445

Priority
Medium
Description
The virTypedParameterArrayClear function in libvirt 0.9.13 does not
properly handle virDomain* API calls with typed parameters, which might
allow remote authenticated users to cause a denial of service (libvirtd
crash) via an RPC command with nparams set to zero, which triggers an
out-of-bounds read or a free of an invalid pointer.
Notes
mdeslaur> precise and earlier don't have virTypedParameterArrayClear, so
mdeslaur> no invalid free possible.
Assigned-to
mdeslaur
Package
Upstream: needs-triage
Ubuntu 8.04 LTS (Hardy Heron): ignored (reached end-of-life)
Ubuntu 10.04 LTS (Lucid Lynx): not-affected (code not present)
Ubuntu 11.04 (Natty Narwhal): not-affected (code not present)
Ubuntu 11.10 (Oneiric Ocelot): not-affected (code not present)
Ubuntu 12.04 LTS (Precise Pangolin): not-affected (code not present)
Ubuntu 12.10 (Quantal Quetzal): released (0.9.13-0ubuntu11)
Patches:
Upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=6039a2cb49c8af4c68460d2faf365a7e1c686c7b

Updated: 2012-09-26 17:14:26 UTC (commit 5821)