CVE-2013-4399
EPSS 0.71%Published: 12/12/2014Modified: 4/28/2026
Description
The remoteClientFreeFunc function in daemon/remote.c in libvirt before 1.1.3, when ACLs are used, does not set an identity, which causes event handler removal to be denied and remote attackers to cause a denial of service (use-after-free and crash) by registering an event handler and then closing the connection.
Affected packages (1)
- Debian/libvirtfrom 0, < 1.1.4-1