CVE-2013-0170

Published: Feb 8, 2013Modified: Apr 29, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering certain errors during an RPC connection, which causes a message to be freed without being removed from the message queue.

Affected (18)

Products: Redhat: Libvirt, Enterprise Linux Desktop, Enterprise Linux Eus, Enterprise Linux Server, Enterprise Linux Workstation · Opensuse: Opensuse · Suse: Linux Enterprise Desktop, Linux Enterprise Server, Linux Enterprise Software Development Kit · +2 more

Show all products

Redhat: Libvirt, Enterprise Linux Desktop, Enterprise Linux Eus, Enterprise Linux Server, Enterprise Linux Workstation · Opensuse: Opensuse · Suse: Linux Enterprise Desktop, Linux Enterprise Server, Linux Enterprise Software Development Kit · Fedoraproject: Fedora · Canonical: Ubuntu Linux

Redhat

5 products

Libvirt

Enterprise Linux Desktop

Enterprise Linux Eus

Enterprise Linux Server

Enterprise Linux Workstation

Opensuse

1 product

Opensuse

Suse

3 products

Linux Enterprise Desktop

Linux Enterprise Server

Linux Enterprise Software Development Kit

1 product

1 product

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Redhat Libvirt	From 0.10.2 to 0.10.2.3
Redhat Libvirt	From 0.9.11 to 0.9.11.9
Redhat Libvirt	From 0.9.6 to 0.9.6.4
Redhat Libvirt	From 1.0.0 to 1.0.2

Configuration B

5 vulnerable

Vulnerable Software	Affected Versions
Opensuse Opensuse	Version 12.1
Opensuse Opensuse	Version 12.2
Suse Linux Enterprise Desktop	Version 11 sp2
Suse Linux Enterprise Server	Version 11 sp2
Suse Linux Enterprise Software Development Kit	Version 11 sp2

Configuration C

3 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 16
Fedoraproject Fedora	Version 17
Fedoraproject Fedora	Version 18

Configuration D

4 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux Desktop	Version 6.0
Redhat Enterprise Linux Eus	Version 6.3
Redhat Enterprise Linux Server	Version 6.0
Redhat Enterprise Linux Workstation	Version 6.0

Configuration E

2 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 12.04
Canonical Ubuntu Linux	Version 12.10

Related CWEs

CWE-416

Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

References (36)

http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=46532e3e8ed5f5a736a02f67d6c805492f9ca720

Source: secalert@redhat.com

http://libvirt.org/news.html

Source: secalert@redhat.com

Release NotesVendor Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098326.html

Source: secalert@redhat.com

Third Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098370.html

Source: secalert@redhat.com

Third Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098398.html

Source: secalert@redhat.com

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00001.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00002.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00016.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://osvdb.org/89644

Source: secalert@redhat.com

Broken Link

http://rhn.redhat.com/errata/RHSA-2013-0199.html

Source: secalert@redhat.com

Third Party Advisory

http://secunia.com/advisories/52001

Source: secalert@redhat.com

Third Party Advisory

http://secunia.com/advisories/52003

Source: secalert@redhat.com

Third Party Advisory

http://wiki.libvirt.org/page/Maintenance_Releases

Source: secalert@redhat.com

Release NotesVendor Advisory

http://www.securityfocus.com/bid/57578

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1028047

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

http://www.ubuntu.com/usn/USN-1708-1

Source: secalert@redhat.com

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=893450

Source: secalert@redhat.com

Issue TrackingPatchThird Party Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/81552

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=46532e3e8ed5f5a736a02f67d6c805492f9ca720