oss-sec mailing list archives

CVE Request -- libguestfs (1.21.6 | 1.22.0 | 1.23.0 <= X < 1.22.1 | 1.23.1): Denial of service due to a double-free when inspecting certain guest files / images


From: Jan Lieskovsky <jlieskov () redhat com>
Date: Wed, 29 May 2013 08:21:42 -0400 (EDT)

Hello Kurt, Steve, vendors,

  LibguestFS upstream has issued the following patch:
  [1] https://github.com/libguestfs/libguestfs/commit/fa6a76050d82894365dfe32916903ef7fee3ffcd

to correct a double-free flaw in the virt-inspector / other virt-* tools,
which could lead to denial of service if some of the tools were used by
3rd party applications for inspection of untrusted guest files / images:

  [2] https://www.redhat.com/archives/libguestfs/2013-May/msg00079.html
  [3] https://www.redhat.com/archives/libguestfs/2013-May/msg00080.html

Could you allocate a CVE identifier for this?

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

