The remoteClientFreeFunc function in daemon/remote.c in libvirt before 1.1.3, when ACLs are used, does not set an identity, which causes event handler removal to be denied and remote attackers to cause a denial of service (use-after-free and crash) by registering an event handler and then closing the connection.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2014-12-12T15:00:00
Updated: 2024-08-06T16:45:13.355Z
Reserved: 2013-06-12T00:00:00
Link: CVE-2013-4399
Vulnrichment
No data.
NVD
Status : Modified
Published: 2014-12-12T15:59:00.070
Modified: 2024-11-21T01:55:29.477
Link: CVE-2013-4399
Redhat