CVE-2012-4423
Published: 19 November 2012
The virNetServerProgramDispatchCall function in libvirt before 0.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and segmentation fault) via an RPC call with (1) an event as the RPC number or (2) an RPC number whose value is in a "gap" in the RPC dispatch table.
Notes
Author | Note |
---|---|
mdeslaur | introduced in 0.9.3 |
Priority
Status
Package | Release | Status |
---|---|---|
libvirt Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
lucid |
Not vulnerable
(0.7.5-5ubuntu27.23)
|
|
natty |
Ignored
(end of life)
|
|
oneiric |
Not vulnerable
(0.9.2-4ubuntu15.3)
|
|
precise |
Released
(0.9.8-2ubuntu17.7)
|
|
quantal |
Released
(0.9.13-0ubuntu10)
|
|
upstream |
Needed
|
|
Patches: upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=b7ff9e696063189a715802d081d55a398663c15a |