CVE-2012-3445
Published: 7 August 2012
The virTypedParameterArrayClear function in libvirt 0.9.13 does not properly handle virDomain* API calls with typed parameters, which might allow remote authenticated users to cause a denial of service (libvirtd crash) via an RPC command with nparams set to zero, which triggers an out-of-bounds read or a free of an invalid pointer.
Notes
Author | Note |
---|---|
mdeslaur | precise and earlier don't have virTypedParameterArrayClear, so no invalid free possible. |
Priority
Status
Package | Release | Status |
---|---|---|
libvirt Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
lucid |
Not vulnerable
(code not present)
|
|
natty |
Not vulnerable
(code not present)
|
|
oneiric |
Not vulnerable
(code not present)
|
|
precise |
Not vulnerable
(code not present)
|
|
upstream |
Needs triage
|
|
Patches: upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=6039a2cb49c8af4c68460d2faf365a7e1c686c7b |