CVE-2013-0420

NameCVE-2013-0420
DescriptionUnspecified vulnerability in the VirtualBox component in Oracle Virtualization 4.0, 4.1, and 4.2 allows local users to affect integrity and availability via unknown vectors related to Core. NOTE: The previous information was obtained from the January 2013 Oracle CPU. Oracle has not commented on claims from another vendor that this issue is related to an incorrect comparison in the vga_draw_text function in Devices/Graphics/DevVGA.cpp, which can cause VirtualBox to "draw more lines than necessary."
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
NVD severitylow (attack range: local)
Debian Bugs698292

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
virtualbox (PTS)jessie/contrib (security), jessie/contrib4.3.36-dfsg-1+deb8u1fixed
sid/contrib, buster/contrib5.1.28-dfsg-1fixed
wheezy, wheezy (security)4.1.42-dfsg-1+deb7u1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
virtualboxsource(unstable)4.1.18-dfsg-2low698292
virtualbox-osesource(unstable)(not affected)

Notes

- virtualbox-ose <not-affected> (Vulnerable code not present)

Search for package or bug name: Reporting problems