CVE-2013-4297

Published: 30 September 2013

The virFileNBDDeviceAssociate function in util/virfile.c in libvirt 1.1.2 and earlier allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via unspecified vectors.

Priority

Status

Package	Release	Status
libvirt Launchpad, Ubuntu, Debian	lucid	Not vulnerable (code not present)
	precise	Not vulnerable (code not present)
	quantal	Not vulnerable (code not present)
	raring	Not vulnerable (code not present)
	upstream	Released (1.1.2-2)
	Patches: upstream: http://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=2dba0323ff0cec31bdcea9dd3b2428af297401f2

References

https://www.cve.org/CVERecord?id=CVE-2013-4297
NVD
Launchpad
Debian

Bugs

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4297

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›