CVE-2013-4297

CVSS V2 Medium 4 CVSS V3 None

Description

The virFileNBDDeviceAssociate function in util/virfile.c in libvirt 1.1.2 and earlier allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via unspecified vectors.

Overview

CVE ID
CVE-2013-4297

Assigner
secalert@redhat.com

Vulnerability Status
Modified

Published Version
2013-09-30T21:55:09

Last Modified Date
2023-02-13T04:46:22

Weakness Enumerations

CWE	URL
CWE-119	http://cwe.mitre.org/data/definitions/119.html

CPE Configuration (Product)

CPE	Vulnerable	Operator	Version End
cpe:2.3:a:redhat:libvirt::::::::	1	OR	1.1.2
cpe:2.3:a:redhat:libvirt:0.0.1:::::::*	1	OR
cpe:2.3:a:redhat:libvirt:0.0.2:::::::*	1	OR
cpe:2.3:a:redhat:libvirt:0.0.3:::::::*	1	OR
cpe:2.3:a:redhat:libvirt:0.0.4:::::::*	1	OR
cpe:2.3:a:redhat:libvirt:0.0.5:::::::*	1	OR
cpe:2.3:a:redhat:libvirt:0.0.6:::::::*	1	OR
cpe:2.3:a:redhat:libvirt:0.1.0:::::::*	1	OR
cpe:2.3:a:redhat:libvirt:0.1.1:::::::*	1	OR
cpe:2.3:a:redhat:libvirt:0.1.3:::::::*	1	OR
cpe:2.3:a:redhat:libvirt:0.1.4:::::::*	1	OR
cpe:2.3:a:redhat:libvirt:0.1.5:::::::*	1	OR
cpe:2.3:a:redhat:libvirt:0.1.6:::::::*	1	OR
cpe:2.3:a:redhat:libvirt:0.1.7:::::::*	1	OR
cpe:2.3:a:redhat:libvirt:0.1.8:::::::*	1	OR
cpe:2.3:a:redhat:libvirt:0.1.9:::::::*	1	OR
cpe:2.3:a:redhat:libvirt:0.2.0:::::::*	1	OR
cpe:2.3:a:redhat:libvirt:0.2.1:::::::*	1	OR
cpe:2.3:a:redhat:libvirt:0.2.2:::::::*	1	OR
cpe:2.3:a:redhat:libvirt:0.2.3:::::::*	1	OR
cpe:2.3:a:redhat:libvirt:0.3.0:::::::*	1	OR
cpe:2.3:a:redhat:libvirt:0.3.1:::::::*	1	OR
cpe:2.3:a:redhat:libvirt:0.3.2:::::::*	1	OR
cpe:2.3:a:redhat:libvirt:0.3.3:::::::*	1	OR
cpe:2.3:a:redhat:libvirt:0.4.0:::::::*	1	OR
cpe:2.3:a:redhat:libvirt:0.4.1:::::::*	1	OR
cpe:2.3:a:redhat:libvirt:0.4.2:::::::*	1	OR
cpe:2.3:a:redhat:libvirt:0.4.3:::::::*	1	OR
cpe:2.3:a:redhat:libvirt:0.4.4:::::::*	1	OR
cpe:2.3:a:redhat:libvirt:0.4.5:::::::*	1	OR
cpe:2.3:a:redhat:libvirt:0.4.6:::::::*	1	OR
cpe:2.3:a:redhat:libvirt:0.5.0:::::::*	1	OR
cpe:2.3:a:redhat:libvirt:0.5.1:::::::*	1	OR
cpe:2.3:a:redhat:libvirt:0.6.0:::::::*	1	OR
cpe:2.3:a:redhat:libvirt:0.6.1:::::::*	1	OR
cpe:2.3:a:redhat:libvirt:0.6.2:::::::*	1	OR
cpe:2.3:a:redhat:libvirt:0.6.3:::::::*	1	OR
cpe:2.3:a:redhat:libvirt:0.6.4:::::::*	1	OR
cpe:2.3:a:redhat:libvirt:0.6.5:::::::*	1	OR
cpe:2.3:a:redhat:libvirt:0.7.0:::::::*	1	OR
cpe:2.3:a:redhat:libvirt:0.7.1:::::::*	1	OR
cpe:2.3:a:redhat:libvirt:0.7.2:::::::*	1	OR
cpe:2.3:a:redhat:libvirt:0.7.3:::::::*	1	OR
cpe:2.3:a:redhat:libvirt:0.7.4:::::::*	1	OR
cpe:2.3:a:redhat:libvirt:0.7.5:::::::*	1	OR
cpe:2.3:a:redhat:libvirt:0.7.6:::::::*	1	OR
cpe:2.3:a:redhat:libvirt:0.7.7:::::::*	1	OR
cpe:2.3:a:redhat:libvirt:0.8.0:::::::*	1	OR
cpe:2.3:a:redhat:libvirt:0.8.1:::::::*	1	OR
cpe:2.3:a:redhat:libvirt:0.8.2:::::::*	1	OR
cpe:2.3:a:redhat:libvirt:0.8.3:::::::*	1	OR
cpe:2.3:a:redhat:libvirt:0.8.4:::::::*	1	OR
cpe:2.3:a:redhat:libvirt:0.8.5:::::::*	1	OR
cpe:2.3:a:redhat:libvirt:0.8.6:::::::*	1	OR
cpe:2.3:a:redhat:libvirt:0.8.7:::::::*	1	OR
cpe:2.3:a:redhat:libvirt:0.8.8:::::::*	1	OR
cpe:2.3:a:redhat:libvirt:0.9.0:::::::*	1	OR
cpe:2.3:a:redhat:libvirt:0.9.1:::::::*	1	OR
cpe:2.3:a:redhat:libvirt:0.9.2:::::::*	1	OR
cpe:2.3:a:redhat:libvirt:0.9.3:::::::*	1	OR
cpe:2.3:a:redhat:libvirt:0.9.4:::::::*	1	OR
cpe:2.3:a:redhat:libvirt:0.9.5:::::::*	1	OR
cpe:2.3:a:redhat:libvirt:0.9.6:::::::*	1	OR
cpe:2.3:a:redhat:libvirt:0.9.6.1:::::::*	1	OR
cpe:2.3:a:redhat:libvirt:0.9.6.2:::::::*	1	OR
cpe:2.3:a:redhat:libvirt:0.9.6.3:::::::*	1	OR
cpe:2.3:a:redhat:libvirt:0.9.7:::::::*	1	OR
cpe:2.3:a:redhat:libvirt:0.9.8:::::::*	1	OR
cpe:2.3:a:redhat:libvirt:0.9.9:::::::*	1	OR
cpe:2.3:a:redhat:libvirt:0.9.10:::::::*	1	OR
cpe:2.3:a:redhat:libvirt:0.9.11:::::::*	1	OR
cpe:2.3:a:redhat:libvirt:0.9.11.1:::::::*	1	OR
cpe:2.3:a:redhat:libvirt:0.9.11.2:::::::*	1	OR
cpe:2.3:a:redhat:libvirt:0.9.11.3:::::::*	1	OR
cpe:2.3:a:redhat:libvirt:0.9.11.4:::::::*	1	OR
cpe:2.3:a:redhat:libvirt:0.9.11.5:::::::*	1	OR
cpe:2.3:a:redhat:libvirt:0.9.11.6:::::::*	1	OR
cpe:2.3:a:redhat:libvirt:0.9.11.7:::::::*	1	OR
cpe:2.3:a:redhat:libvirt:0.9.11.8:::::::*	1	OR
cpe:2.3:a:redhat:libvirt:0.9.12:::::::*	1	OR
cpe:2.3:a:redhat:libvirt:0.9.13:::::::*	1	OR
cpe:2.3:a:redhat:libvirt:0.10.0:::::::*	1	OR
cpe:2.3:a:redhat:libvirt:0.10.1:::::::*	1	OR
cpe:2.3:a:redhat:libvirt:0.10.2:::::::*	1	OR
cpe:2.3:a:redhat:libvirt:0.10.2.1:::::::*	1	OR
cpe:2.3:a:redhat:libvirt:0.10.2.2:::::::*	1	OR
cpe:2.3:a:redhat:libvirt:1.0.0:::::::*	1	OR
cpe:2.3:a:redhat:libvirt:1.0.1:::::::*	1	OR
cpe:2.3:a:redhat:libvirt:1.0.2:::::::*	1	OR
cpe:2.3:a:redhat:libvirt:1.0.3:::::::*	1	OR
cpe:2.3:a:redhat:libvirt:1.0.4:::::::*	1	OR
cpe:2.3:a:redhat:libvirt:1.0.5:::::::*	1	OR
cpe:2.3:a:redhat:libvirt:1.0.6:::::::*	1	OR
cpe:2.3:a:redhat:libvirt:1.1.0:::::::*	1	OR
cpe:2.3:a:redhat:libvirt:1.1.1:::::::*	1	OR

CVSS Version 2

Version
2.0

Vector String
AV:N/AC:L/Au:S/C:N/I:N/A:P

Access Vector
NETWORK

Access Compatibility
LOW

Authentication
SINGLE

Confidentiality Impact
NONE

Integrity Impact
NONE

Availability Impact
PARTIAL

Base Score
4

Severity
MEDIUM

Exploitability Score
8

Impact Score
2.9

References

Reference URL	Reference Tags
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4297	Exploit Patch
http://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=2dba0323ff0cec31bdcea9dd3b2428af297401f2	Exploit Patch
http://secunia.com/advisories/60895
http://security.gentoo.org/glsa/glsa-201412-04.xml

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2013-4297
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4297

History

Created	Old Value	New Value	Data Type	Notes
2022-05-10 10:25:06				Added to TrackCVE
2022-12-01 19:54:44	2013-09-30T21:55Z	2013-09-30T21:55:09	CVE Published Date	updated
2022-12-01 19:54:44		2015-01-02T16:25:16	CVE Modified Date	updated
2022-12-01 19:54:44		Analyzed	Vulnerability Status	updated
2023-02-13 05:06:00		2023-02-13T04:46:22	CVE Modified Date	updated
2023-02-13 05:06:00	Analyzed	Modified	Vulnerability Status	updated