CVE-2013-0420 - OpenCVE

Unspecified vulnerability in the VirtualBox component in Oracle Virtualization 4.0, 4.1, and 4.2 allows local users to affect integrity and availability via unknown vectors related to Core. NOTE: The previous information was obtained from the January 2013 Oracle CPU. Oracle has not commented on claims from another vendor that this issue is related to an incorrect comparison in the vga_draw_text function in Devices/Graphics/DevVGA.cpp, which can cause VirtualBox to "draw more lines than necessary."

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity High

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:H/Au:S/C:N/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Opensuse	Opensuse
Oracle	Virtualization Vm Virtualbox

Configuration 1 [-]

OR	cpe:2.3:o:opensuse:opensuse:12.1:::::::*
	cpe:2.3:o:opensuse:opensuse:12.2:::::::*

Configuration 2 [-]

OR	cpe:2.3:a:oracle:virtualization:4.0:::::::*
	cpe:2.3:a:oracle:virtualization:4.1:::::::*
	cpe:2.3:a:oracle:virtualization:4.2:::::::*
	cpe:2.3:a:oracle:vm_virtualbox:4.0:::::::*
	cpe:2.3:a:oracle:vm_virtualbox:4.1.0:::::::*
	cpe:2.3:a:oracle:vm_virtualbox:4.2.0:::::::*

No data.

References

Link	Providers
http://lists.opensuse.org/opensuse-updates/2013-02/msg00000.html
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html
https://bugzilla.novell.com/show_bug.cgi?id=798776
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15763
https://www.virtualbox.org/changeset/44055/vbox

History

No history.

MITRE

Status: PUBLISHED

Assigner: oracle

Published: 2013-01-17T01:30:00

Updated: 2024-08-06T14:25:10.297Z

Reserved: 2012-12-07T00:00:00

Link: CVE-2013-0420

Vulnrichment

No data.

NVD

Status : Modified

Published: 2013-01-17T01:55:06.063

Modified: 2018-10-30T16:27:33.937

Link: CVE-2013-0420

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-01-15T00:00:00", "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the VirtualBox component in Oracle Virtualization 4.0, 4.1, and 4.2 allows local users to affect integrity and availability via unknown vectors related to Core. NOTE: The previous information was obtained from the January 2013 Oracle CPU. Oracle has not commented on claims from another vendor that this issue is related to an incorrect comparison in the vga_draw_text function in Devices/Graphics/DevVGA.cpp, which can cause VirtualBox to \"draw more lines than necessary.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-18T12:57:01", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle"}, "references": [{"name": "openSUSE-SU-2013:0231", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00000.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.virtualbox.org/changeset/44055/vbox"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.novell.com/show_bug.cgi?id=798776"}, {"name": "oval:org.mitre.oval:def:15763", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15763"}, {"name": "MDVSA-2013:150", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2013-0420", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unspecified vulnerability in the VirtualBox component in Oracle Virtualization 4.0, 4.1, and 4.2 allows local users to affect integrity and availability via unknown vectors related to Core. NOTE: The previous information was obtained from the January 2013 Oracle CPU. Oracle has not commented on claims from another vendor that this issue is related to an incorrect comparison in the vga_draw_text function in Devices/Graphics/DevVGA.cpp, which can cause VirtualBox to \"draw more lines than necessary.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "openSUSE-SU-2013:0231", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00000.html"}, {"name": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html"}, {"name": "https://www.virtualbox.org/changeset/44055/vbox", "refsource": "MISC", "url": "https://www.virtualbox.org/changeset/44055/vbox"}, {"name": "https://bugzilla.novell.com/show_bug.cgi?id=798776", "refsource": "CONFIRM", "url": "https://bugzilla.novell.com/show_bug.cgi?id=798776"}, {"name": "oval:org.mitre.oval:def:15763", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15763"}, {"name": "MDVSA-2013:150", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T14:25:10.297Z"}, "title": "CVE Program Container", "references": [{"name": "openSUSE-SU-2013:0231", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00000.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.virtualbox.org/changeset/44055/vbox"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.novell.com/show_bug.cgi?id=798776"}, {"name": "oval:org.mitre.oval:def:15763", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15763"}, {"name": "MDVSA-2013:150", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"}]}]}, "cveMetadata": {"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2013-0420", "datePublished": "2013-01-17T01:30:00", "dateReserved": "2012-12-07T00:00:00", "dateUpdated": "2024-08-06T14:25:10.297Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*", "matchCriteriaId": "EBB2C482-D2A4-48B3-ACE7-E1DFDCC409B5", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*", "matchCriteriaId": "D806A17E-B8F9-466D-807D-3F1E77603DC8", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:virtualization:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "A303983A-E6D6-4CBC-B2DC-0293EFB623AC", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:virtualization:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C5C8C6F-8693-4213-A325-62771C804C8F", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:virtualization:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "5393FAC7-4E94-4509-AA52-742886A7CB10", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:vm_virtualbox:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "CFF538E9-7D10-4B79-BDA7-8115047EC1BF", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:vm_virtualbox:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "E0752242-640A-45C9-8489-29CA18EB63E2", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:vm_virtualbox:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "DB32F058-DDF8-4942-8D40-E3F97E4A44CD", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the VirtualBox component in Oracle Virtualization 4.0, 4.1, and 4.2 allows local users to affect integrity and availability via unknown vectors related to Core. NOTE: The previous information was obtained from the January 2013 Oracle CPU. Oracle has not commented on claims from another vendor that this issue is related to an incorrect comparison in the vga_draw_text function in Devices/Graphics/DevVGA.cpp, which can cause VirtualBox to \"draw more lines than necessary.\""}, {"lang": "es", "value": "Una vulnerabilidad no especificada en el componente VirtualBox en Oracle Virtualization v4.0, v4.1 y v4.2 permite a usuarios locales afectan la integridad y la disponibilidad a trav\u00e9s de vectores desconocidos relacionados con el Core (nucleo)."}], "id": "CVE-2013-0420", "lastModified": "2018-10-30T16:27:33.937", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 2.4, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:H/Au:S/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 1.5, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-01-17T01:55:06.063", "references": [{"source": "secalert_us@oracle.com", "tags": ["Vendor Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00000.html"}, {"source": "secalert_us@oracle.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"}, {"source": "secalert_us@oracle.com", "tags": ["Vendor Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html"}, {"source": "secalert_us@oracle.com", "tags": ["Patch"], "url": "https://bugzilla.novell.com/show_bug.cgi?id=798776"}, {"source": "secalert_us@oracle.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15763"}, {"source": "secalert_us@oracle.com", "tags": ["Exploit", "Patch"], "url": "https://www.virtualbox.org/changeset/44055/vbox"}], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}