CVE-2013-2218

NameCVE-2013-2218
DescriptionDouble free vulnerability in the virConnectListAllInterfaces method in interface/interface_backend_netcf.c in libvirt 1.0.6 allows remote attackers to cause a denial of service (libvirtd crash) via a filtering flag that causes an interface to be skipped, as demonstrated by the "virsh iface-list --inactive" command.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub advisories/code/issues, web search, more)
Debian Bugs714699

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
libvirt (PTS)buster5.0.0-4+deb10u1fixed
bullseye7.0.0-3fixed
bookworm, sid9.0.0-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
libvirtsourcesqueeze(not affected)
libvirtsourcewheezy(not affected)
libvirtsourcejessie(not affected)
libvirtsource(unstable)1.1.0-1714699

Notes

[jessie] - libvirt <not-affected> (Vulnerable code introduced in 1.0.6)
[wheezy] - libvirt <not-affected> (Vulnerable code introduced in 1.0.6)
[squeeze] - libvirt <not-affected> (Vulnerable code introduced in 1.0.6)
http://libvirt.org/git/?p=libvirt.git;a=commit;h=244e0b8cf15ca2ef48d82058e728656e6c4bad11
Vulnerable code introduced in http://libvirt.org/git/?p=libvirt.git;a=commit;h=7ac2c4fe624f30f2c8270116513fa2ddab07631f

Search for package or bug name: Reporting problems