Novell Home

CVE-2012-3445

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2012-3445 at MITRE

Description

The virTypedParameterArrayClear function in libvirt 0.9.13 does not properly handle virDomain* API calls with typed parameters, which might allow remote authenticated users to cause a denial of service (libvirtd crash) via an RPC command with nparams set to zero, which triggers an out-of-bounds read or a free of an invalid pointer.

NVD CVSS v2 Base Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)

Novell/SUSE information

Novell Bugzilla entry: 773955

SUSE Security Advisories:

© 2014 Novell