CVE-2013-4399

描述

The remoteClientFreeFunc function in daemon/remote.c in libvirt before 1.1.3, when ACLs are used, does not set an identity, which causes event handler removal to be denied and remote attackers to cause a denial of service (use-after-free and crash) by registering an event handler and then closing the connection.

受影響套件(1)

• Debian/libvirtfrom 0, < 1.1.4-1

參考連結(1)

• ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2013-4399