CVE-2013-4153
Published: 30 September 2013
Double free vulnerability in the qemuAgentGetVCPUs function in qemu/qemu_agent.c in libvirt 1.0.6 through 1.1.0 allows remote attackers to cause a denial of service (daemon crash) via a cpu count request, as demonstrated by the "virsh vcpucount dom --guest" command.
Notes
Author | Note |
---|---|
mdeslaur | Introduced by: http://libvirt.org/git/?p=libvirt.git;a=commit;h=3099c063e348fdc79a900f88bcfc5389dada7786 which is in 1.1.0 |
Priority
Status
Package | Release | Status |
---|---|---|
libvirt Launchpad, Ubuntu, Debian |
upstream |
Released
(1.1.0-4)
|
lucid |
Not vulnerable
(code not present)
|
|
precise |
Not vulnerable
(code not present)
|
|
quantal |
Not vulnerable
(code not present)
|
|
raring |
Not vulnerable
(code not present)
|
|
saucy |
Not vulnerable
(code not present)
|
|
Patches: upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=dfc692350a04a70b4ca65667c30869b3bfdaf034 |