oss-sec mailing list archives

CVE Request -- libvirt: crash in virTypedParameterArrayClear

From: Petr Matousek <pmatouse () redhat com>
Date: Tue, 31 Jul 2012 16:59:44 +0200

It has been found that sending crafted RPC command with nparams set to 0
can lead to libvirtd accessing random memory, possibly leading to crash.
A remote attacker could use this flaw to crash libvirtd (DoS).

Upstream proposed fix:
https://www.redhat.com/archives/libvir-list/2012-July/msg01650.html

References:
https://www.redhat.com/archives/libvir-list/2012-July/msg01650.html
https://bugzilla.redhat.com/show_bug.cgi?id=844734

Thanks,
-- 
Petr Matousek / Red Hat Security Response Team

Current thread:

CVE Request -- libvirt: crash in virTypedParameterArrayClear Petr Matousek (Jul 31)
- Re: CVE Request -- libvirt: crash in virTypedParameterArrayClear Kurt Seifried (Jul 31)