SB2013101802 - NULL pointer dereference in Xen

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2013101802

SB2013101802 - NULL pointer dereference in Xen

Published: October 18, 2013 Updated: July 28, 2020

Security Bulletin ID SB2013101802
Severity
Low
Patch available
NO
Number of vulnerabilities 1
Exploitation vector Local access
Highest impact Denial of service

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 security vulnerability.


1) NULL pointer dereference (CVE-ID: CVE-2013-4369)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the libxlu library in Xen 4.2.x and 4.3.x allows local users to cause a denial of service (NULL pointer dereference) by using the "@" character as the VIF rate configuration. CWE-476: NULL Pointer Dereference Per http://cwe.mitre.org/data/definitions/476. A remote attacker can perform a denial of service (DoS) attack.


Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References