CVE - CVE-2012-4423

CVE-ID
CVE-2012-4423	Learn more at National Vulnerability Database (NVD) • Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings
Description
The virNetServerProgramDispatchCall function in libvirt before 0.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and segmentation fault) via an RPC call with (1) an event as the RPC number or (2) an RPC number whose value is in a "gap" in the RPC dispatch table.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MLIST:[libvirt] 20120912 [PATCH] Fix libvirtd crash possibility URL:https://www.redhat.com/archives/libvir-list/2012-September/msg00843.html MLIST:[oss-security] 20120913 Re: CVE Request -- libvirt: null function pointer invocation in virNetServerProgramDispatchCall() URL:http://www.openwall.com/lists/oss-security/2012/09/13/14 MISC:https://bugzilla.redhat.com/show_bug.cgi?id=857133 CONFIRM:http://libvirt.org/git/?p=libvirt.git;a=commit;h=b7ff9e696063189a715802d081d55a398663c15a CONFIRM:http://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=f8fbeb50d52520a109d71c8566fed2ea600650ec FEDORA:FEDORA-2012-15634 URL:http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089976.html FEDORA:FEDORA-2012-15640 URL:http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090121.html REDHAT:RHSA-2012:1359 URL:http://rhn.redhat.com/errata/RHSA-2012-1359.html SUSE:openSUSE-SU-2013:0274 URL:http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00001.html UBUNTU:USN-1708-1 URL:http://www.ubuntu.com/usn/USN-1708-1 BID:55541 URL:http://www.securityfocus.com/bid/55541 SECTRACK:1027649 URL:http://www.securitytracker.com/id?1027649
Assigning CNA
N/A
Date Entry Created
20120821	Disclaimer: The entry creation date may reflect when the CVE-ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20120821)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE list, which standardizes names for security problems.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org