CVE-2012-4423

EUVD-2012-4358
The virNetServerProgramDispatchCall function in libvirt before 0.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and segmentation fault) via an RPC call with (1) an event as the RPC number or (2) an RPC number whose value is in a "gap" in the RPC dispatch table.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 86%
Affected Products (NVD)
VendorProductVersion
redhatlibvirt
𝑥
≤ 0.10.1
redhatlibvirt
0.0.1
redhatlibvirt
0.0.2
redhatlibvirt
0.0.3
redhatlibvirt
0.0.4
redhatlibvirt
0.0.5
redhatlibvirt
0.0.6
redhatlibvirt
0.1.0
redhatlibvirt
0.1.1
redhatlibvirt
0.1.3
redhatlibvirt
0.1.4
redhatlibvirt
0.1.5
redhatlibvirt
0.1.6
redhatlibvirt
0.1.7
redhatlibvirt
0.1.8
redhatlibvirt
0.1.9
redhatlibvirt
0.2.0
redhatlibvirt
0.2.1
redhatlibvirt
0.2.2
redhatlibvirt
0.2.3
redhatlibvirt
0.3.0
redhatlibvirt
0.3.1
redhatlibvirt
0.3.2
redhatlibvirt
0.3.3
redhatlibvirt
0.4.0
redhatlibvirt
0.4.1
redhatlibvirt
0.4.2
redhatlibvirt
0.4.3
redhatlibvirt
0.4.4
redhatlibvirt
0.4.5
redhatlibvirt
0.4.6
redhatlibvirt
0.5.0
redhatlibvirt
0.5.1
redhatlibvirt
0.6.0
redhatlibvirt
0.6.1
redhatlibvirt
0.6.2
redhatlibvirt
0.6.3
redhatlibvirt
0.6.4
redhatlibvirt
0.6.5
redhatlibvirt
0.7.0
redhatlibvirt
0.7.1
redhatlibvirt
0.7.2
redhatlibvirt
0.7.3
redhatlibvirt
0.7.4
redhatlibvirt
0.7.5
redhatlibvirt
0.7.6
redhatlibvirt
0.7.7
redhatlibvirt
0.8.0
redhatlibvirt
0.8.1
redhatlibvirt
0.8.2
redhatlibvirt
0.8.3
redhatlibvirt
0.8.4
redhatlibvirt
0.8.5
redhatlibvirt
0.8.6
redhatlibvirt
0.8.7
redhatlibvirt
0.8.8
redhatlibvirt
0.9.0
redhatlibvirt
0.9.1
redhatlibvirt
0.9.2
redhatlibvirt
0.9.3
redhatlibvirt
0.9.4
redhatlibvirt
0.9.5
redhatlibvirt
0.9.6
redhatlibvirt
0.9.7
redhatlibvirt
0.9.8
redhatlibvirt
0.9.9
redhatlibvirt
0.9.10
redhatlibvirt
0.9.11
redhatlibvirt
0.9.12
redhatlibvirt
0.9.13
redhatlibvirt
0.10.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libvirt
bookworm
9.0.0-4+deb12u1
fixed
bullseye
7.0.0-3+deb11u3
fixed
sid
10.9.0-1
fixed
squeeze
not-affected
trixie
10.9.0-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libvirt
hardy
ignored
lucid
not-affected
natty
ignored
oneiric
not-affected
precise
Fixed 0.9.8-2ubuntu17.7
released
quantal
Fixed 0.9.13-0ubuntu10
released
References
http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=b7ff9e696063189a715802d081d55a398663c15a
http://libvirt.org/git/?p=libvirt.git%3Ba=commitdiff%3Bh=f8fbeb50d52520a109d71c8566fed2ea600650ec
http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089976.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090121.html
http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00001.html
http://rhn.redhat.com/errata/RHSA-2012-1359.html
http://www.openwall.com/lists/oss-security/2012/09/13/14
http://www.securityfocus.com/bid/55541
http://www.securitytracker.com/id?1027649
http://www.ubuntu.com/usn/USN-1708-1
https://bugzilla.redhat.com/show_bug.cgi?id=857133
https://www.redhat.com/archives/libvir-list/2012-September/msg00843.html
http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=b7ff9e696063189a715802d081d55a398663c15a
http://libvirt.org/git/?p=libvirt.git%3Ba=commitdiff%3Bh=f8fbeb50d52520a109d71c8566fed2ea600650ec
http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089976.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090121.html
http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00001.html
http://rhn.redhat.com/errata/RHSA-2012-1359.html
http://www.openwall.com/lists/oss-security/2012/09/13/14
http://www.securityfocus.com/bid/55541
http://www.securitytracker.com/id?1027649
http://www.ubuntu.com/usn/USN-1708-1
https://bugzilla.redhat.com/show_bug.cgi?id=857133
https://www.redhat.com/archives/libvir-list/2012-September/msg00843.html