The virTypedParameterArrayClear function in libvirt 0.9.13 does not
properly handle virDomain* API calls with typed parameters, which might
allow remote authenticated users to cause a denial of service (libvirtd
crash) via an RPC command with nparams set to zero, which triggers an
out-of-bounds read or a free of an invalid pointer.
mdeslaur> precise and earlier don't have virTypedParameterArrayClear, so
mdeslaur> no invalid free possible.
Updated: 2012-09-26 17:14:26 UTC (commit 5821)