JVN/CVE Demo: Cveinfos

CVE

Id: 60117
CVE No.: CVE-2013-0170
Status: Candidate
Description: Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering certain errors during an RPC connection, which causes a message to be freed without being removed from the message queue.
Phase: Assigned (20121206)
Votes: None (candidate not yet proposed)
Comments

Actions

Related CVE References

Id	CVE Id	CVE No.	Reference	Actions
606940	60117	CVE-2013-0170	CONFIRM:http://libvirt.org/git/?p=libvirt.git;a=commit;h=46532e3e8ed5f5a736a02f67d6c805492f9ca720	View
606941	60117	CVE-2013-0170	CONFIRM:http://libvirt.org/news.html	View
606942	60117	CVE-2013-0170	CONFIRM:http://wiki.libvirt.org/page/Maintenance_Releases	View
606943	60117	CVE-2013-0170	CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=893450	View
606944	60117	CVE-2013-0170	FEDORA:FEDORA-2013-1626	View
606945	60117	CVE-2013-0170	URL:http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098398.html	View
606946	60117	CVE-2013-0170	FEDORA:FEDORA-2013-1642	View
606947	60117	CVE-2013-0170	URL:http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098370.html	View
606948	60117	CVE-2013-0170	FEDORA:FEDORA-2013-1644	View
606949	60117	CVE-2013-0170	URL:http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098326.html	View
606950	60117	CVE-2013-0170	REDHAT:RHSA-2013:0199	View
606951	60117	CVE-2013-0170	URL:http://rhn.redhat.com/errata/RHSA-2013-0199.html	View
606952	60117	CVE-2013-0170	SUSE:SUSE-SU-2013:0320	View
606953	60117	CVE-2013-0170	URL:http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00016.html	View
606954	60117	CVE-2013-0170	SUSE:openSUSE-SU-2013:0274	View
606955	60117	CVE-2013-0170	URL:http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00001.html	View
606956	60117	CVE-2013-0170	SUSE:openSUSE-SU-2013:0275	View
606957	60117	CVE-2013-0170	URL:http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00002.html	View
606958	60117	CVE-2013-0170	UBUNTU:USN-1708-1	View
606959	60117	CVE-2013-0170	URL:http://www.ubuntu.com/usn/USN-1708-1	View
606960	60117	CVE-2013-0170	BID:57578	View
606961	60117	CVE-2013-0170	URL:http://www.securityfocus.com/bid/57578	View
606962	60117	CVE-2013-0170	OSVDB:89644	View
606963	60117	CVE-2013-0170	URL:http://osvdb.org/89644	View
606964	60117	CVE-2013-0170	SECTRACK:1028047	View
606965	60117	CVE-2013-0170	URL:http://www.securitytracker.com/id/1028047	View
606966	60117	CVE-2013-0170	SECUNIA:52001	View
606967	60117	CVE-2013-0170	URL:http://secunia.com/advisories/52001	View
606968	60117	CVE-2013-0170	SECUNIA:52003	View
606969	60117	CVE-2013-0170	URL:http://secunia.com/advisories/52003	View
606970	60117	CVE-2013-0170	XF:libvirt-virnetmessagefree-code-exec(81552)	View

Related JVN

Id	JVN No.	Title	Summary	CVE No.	CVE Id	CVSS_v2	CVSS_v3	JVN URL	Actions
20906	JVNDB-2013-002481	Grape などの製品で使用される Ruby 用 multi_xml gem におけるオブジェクトインジェクション攻撃を誘発される脆弱性	Grape およびその他の製品で使用される Ruby 用 multi_xml gem は、文字列の値のキャストを適切に制限しないため、オブジェクトインジェクション攻撃を誘発される、および任意のコードを実行される、またはサービス運用妨害 (メモリおよび CPU 資源の消費) 状態にされる脆弱性が存在します。	CVE-2013-0175	60117	7.5		http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-002481.html	View

Message	Memory use
Component initialization	1.39 MB
Controller action start	1.49 MB
Controller render start	2.30 MB
View render complete	2.75 MB

Message	Time in ms	Graph
Core Processing (Derived from $_SERVER["REQUEST_TIME"])	2.81
Event: Controller.initialize	0.02
Event: Controller.startup	0.06
Controller action	399.90
Event: Controller.beforeRender	4.76
» Processing toolbar data	4.68
Rendering View	10.38
» Event: View.beforeRender	0.02
» Rendering APP/View/Cveinfos/view.ctp	9.48
» Event: View.afterRender	0.02
» Event: View.beforeLayout	0.02
» Rendering APP/View/Layouts/default.ctp	0.49
» » Rendering CORE/Cake/View/Elements/sql_dump.ctp	0.08
Event: View.afterLayout	0.00

Constant	Value
APP	/virtual/inogo77/public_html/jvn/app/
APP_DIR	app
APPLIBS	/virtual/inogo77/public_html/jvn/app/Lib/
CACHE	/virtual/inogo77/public_html/jvn/app/tmp/cache/
CAKE	/virtual/inogo77/public_html/jvn/lib/Cake/
CAKE_CORE_INCLUDE_PATH	/virtual/inogo77/public_html/jvn/lib
CORE_PATH	/virtual/inogo77/public_html/jvn/lib/
CAKE_VERSION	2.6.0
CSS	/virtual/inogo77/public_html/jvn/app/webroot/css/
CSS_URL	css/
DS	/
FULL_BASE_URL	http://inogo77.s500.xrea.com
IMAGES	/virtual/inogo77/public_html/jvn/app/webroot/img/
IMAGES_URL	img/
JS	/virtual/inogo77/public_html/jvn/app/webroot/js/
JS_URL	js/
LOGS	/virtual/inogo77/public_html/jvn/app/tmp/logs/
ROOT	/virtual/inogo77/public_html/jvn
TESTS	/virtual/inogo77/public_html/jvn/app/Test/
TMP	/virtual/inogo77/public_html/jvn/app/tmp/
VENDORS	/virtual/inogo77/public_html/jvn/vendors/
WEBROOT_DIR	webroot
WWW_ROOT	/virtual/inogo77/public_html/jvn/app/webroot/

Environment Variable	Value
Php Version	5.6.40
Phprc	php56.ini
Php Fcgi Children	1
Pwd	/virtual/inogo77/public_html/.fast-cgi-bin
Php Fcgi Max Requests	10000
Shlvl	0
Path	/usr/local/bin:/usr/bin:/bin
Script Name	/jvn/app/webroot/index.php
Request Uri	/jvn/cveinfos/view/60117
Query String
Request Method	GET
Server Protocol	HTTP/1.1
Gateway Interface	CGI/1.1
Redirect Url	/jvn/app/webroot/cveinfos/view/60117
Remote Port	58474
Script Filename	/virtual/inogo77/public_html/jvn/app/webroot/index.php
Server Admin	[no address given]
Context Document Root	/virtual/inogo77/public_html
Context Prefix
Request Scheme	http
Document Root	/virtual/inogo77/public_html
Remote Addr	216.73.216.56
Server Port	80
Server Addr	160.251.151.205
Server Name	inogo77.s500.xrea.com
Server Software	Apache
Server Signature
Http Connection	close
Http Cache Control	max-age=259200
Http X Forwarded For	10.1.36.49
Http Via	1.1 squid-proxy-75b5465b89-j8skb (squid/6.10)
Http Host	inogo77.s500.xrea.com
Http Accept Encoding	gzip, br, zstd, deflate
Http Cookie	advanced-frontend=tno03u3pj208cff8ul4ueaqhs6
Http User Agent	Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)
Http Accept	/
Gem Home	/usr/local/rvm/gems/ruby-2.3.0
X Dostranslated Ip	216.73.216.56
Mm Country Code	US
Mmdb Info	result found
Mmdb Addr	216.73.216.56
Unique Id	aDOPtKMzqwszRF38o4NHTAAAAiA
Redirect Status	200
Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect X Dostranslated Ip	216.73.216.56
Redirect Mm Country Code	US
Redirect Mmdb Info	result found
Redirect Mmdb Addr	216.73.216.56
Redirect Unique Id	aDOPtKMzqwszRF38o4NHTAAAAiA
Redirect Redirect Status	200
Redirect Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect Redirect X Dostranslated Ip	216.73.216.56
Redirect Redirect Mm Country Code	US
Redirect Redirect Mmdb Info	result found
Redirect Redirect Mmdb Addr	216.73.216.56
Redirect Redirect Unique Id	aDOPtKMzqwszRF38o4NHTAAAAiA
Fcgi Role	RESPONDER
Php Self	/jvn/app/webroot/index.php
Request Time Float	1748209588.9197
Request Time	1748209588

CVE

Actions

Related CVE References

Related JVN

Request History

Session

Request

Cake Params

Post data

Query string

Cookie

Current Route

Sql Logs

default

Memory

Timers

Logs

View Variables

App Constants

CakePHP Constants

PHP Environment

Included Files

Include Paths

Included Files