oss-sec mailing list archives

CVE request: libvirt: integer overflow in VirDomainGetVcpus


From: Petr Matousek <pmatouse () redhat com>
Date: Tue, 28 Jun 2011 13:46:09 +0200

It has been found that calling VirDomainGetVcpus with bogus parameters
can lead to integer overflow and subsequent heap corruption. A remote
attacker could use this flaw to crash libvirtd (DoS).

Upstream patch:
https://www.redhat.com/archives/libvir-list/2011-June/msg01278.html

References:
https://bugzilla.redhat.com/show_bug.cgi?id=717199
https://www.redhat.com/archives/libvir-list/2011-June/msg01278.html

Thanks,
-- 
Petr Matousek / Red Hat Security Response Team

