oss-sec mailing list archives
CVE Request -- libguestfs (1.21.6 | 1.22.0 | 1.23.0 <= X < 1.22.1 | 1.23.1): Denial of service due to a double-free when inspecting certain guest files / images
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Wed, 29 May 2013 08:21:42 -0400 (EDT)
Hello Kurt, Steve, vendors, LibguestFS upstream has issued the following patch: [1] https://github.com/libguestfs/libguestfs/commit/fa6a76050d82894365dfe32916903ef7fee3ffcd to correct a double-free flaw in the virt-inspector / other virt-* tools, which could lead to denial of service if some of the tools were used by 3rd party applications for inspection of untrusted guest files / images: [2] https://www.redhat.com/archives/libguestfs/2013-May/msg00079.html [3] https://www.redhat.com/archives/libguestfs/2013-May/msg00080.html Could you allocate a CVE identifier for this? Thank you && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team
Current thread:
- CVE Request -- libguestfs (1.21.6 | 1.22.0 | 1.23.0 <= X < 1.22.1 | 1.23.1): Denial of service due to a double-free when inspecting certain guest files / images Jan Lieskovsky (May 29)