Input validation error in xen (Alpine package)
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2013-2196 |
| CWE-ID | CWE-20 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
xen (Alpine package) Operating systems & Components / Operating system package or component |
| Vendor | Alpine Linux Development Team |
Security Bulletin
This security bulletin contains one high risk vulnerability.
1) Input validation error
EUVDB-ID: #VU33880
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2013-2196
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Multiple unspecified vulnerabilities in the Elf parser (libelf) in Xen 4.2.x and earlier allow local guest administrators with certain permissions to have an unspecified impact via a crafted kernel, related to "other problems" that are not CVE-2013-2194 or CVE-2013-2195.
MitigationInstall update from vendor's website.
Vulnerable software versionsxen (Alpine package): 4.1.4-r4
CPE2.3 External linkshttps://git.alpinelinux.org/aports/commit/?id=dac4485dfa4d8ae59e99caf4b911c196dc2b717f
https://git.alpinelinux.org/aports/commit/?id=386d947eaf640de1a5515087a2b65d5960e5624b
https://git.alpinelinux.org/aports/commit/?id=19901df1bcb30f294ee615cd161ba33d67c75771
https://git.alpinelinux.org/aports/commit/?id=50869d41a1af768fb0c39ff2d059a8bec102bc91
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
