{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-06-20T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple integer overflows in the Elf parser (libelf) in Xen 4.2.x and earlier allow local guest administrators with certain permissions to have an unspecified impact via a crafted kernel."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-12-09T18:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "SUSE-SU-2014:0470", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00000.html"}, {"name": "55082", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/55082"}, {"name": "GLSA-201309-24", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-201309-24.xml"}, {"name": "[oss-security] 20130620 Xen Security Advisory 55 (CVE-2013-2194,CVE-2013-2195,CVE-2013-2196) - Multiple vulnerabilities in libelf PV kernel handling", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2013/06/20/4"}, {"name": "[oss-security] 20130620 Re: Xen Security Advisory 55 - Multiple vulnerabilities in libelf PV kernel handling", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2013/06/20/2"}, {"name": "SUSE-SU-2014:0446", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html"}, {"name": "DSA-3006", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2014/dsa-3006"}, {"name": "SUSE-SU-2014:0411", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00015.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.citrix.com/article/CTX138058"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T15:27:40.975Z"}, "title": "CVE Program Container", "references": [{"name": "SUSE-SU-2014:0470", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00000.html"}, {"name": "55082", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/55082"}, {"name": "GLSA-201309-24", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-201309-24.xml"}, {"name": "[oss-security] 20130620 Xen Security Advisory 55 (CVE-2013-2194,CVE-2013-2195,CVE-2013-2196) - Multiple vulnerabilities in libelf PV kernel handling", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2013/06/20/4"}, {"name": "[oss-security] 20130620 Re: Xen Security Advisory 55 - Multiple vulnerabilities in libelf PV kernel handling", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2013/06/20/2"}, {"name": "SUSE-SU-2014:0446", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html"}, {"name": "DSA-3006", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2014/dsa-3006"}, {"name": "SUSE-SU-2014:0411", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00015.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.citrix.com/article/CTX138058"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-2194", "datePublished": "2013-08-23T16:00:00", "dateReserved": "2013-02-19T00:00:00", "dateUpdated": "2024-08-06T15:27:40.975Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*", "matchCriteriaId": "1A5A810A-20A3-45BF-9207-552057F8D266", "versionEndIncluding": "4.2.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "8F0AF8EF-6FF6-4E22-B16E-82C9F90C6B00", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "47640819-FC43-49ED-8A77-728C3D7255B3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple integer overflows in the Elf parser (libelf) in Xen 4.2.x and earlier allow local guest administrators with certain permissions to have an unspecified impact via a crafted kernel."}, {"lang": "es", "value": "M\u00faltiples desbordamientos de enteros en el analizador ELF (libelf) en Xen v4.2.x y anteriores permite a los administradores invitados locales con ciertos permisos, tener un impacto no especificado a trav\u00e9s de un kernel hecho manipulado."}], "id": "CVE-2013-2194", "lastModified": "2014-12-12T02:59:33.840", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-08-23T16:55:07.097", "references": [{"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00015.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00000.html"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/55082"}, {"source": "secalert@redhat.com", "url": "http://security.gentoo.org/glsa/glsa-201309-24.xml"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://support.citrix.com/article/CTX138058"}, {"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2014/dsa-3006"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2013/06/20/2"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2013/06/20/4"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-189"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Xen project for reporting this issue.", "bugzilla": {"description": "xen: Multiple vulnerabilities in libelf PV kernel handling", "id": "970631", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=970631"}, "csaw": false, "cvss": {"cvss_base_score": "6.5", "cvss_scoring_vector": "AV:A/AC:H/Au:S/C:C/I:C/A:C", "status": "draft"}, "details": ["Multiple integer overflows in the Elf parser (libelf) in Xen 4.2.x and earlier allow local guest administrators with certain permissions to have an unspecified impact via a crafted kernel."], "name": "CVE-2013-2194", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Affected", "package_name": "xen", "product_name": "Red Hat Enterprise Linux 5"}], "public_date": "2013-06-03T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2013-2194\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-2194"], "statement": "The risks associated with fixing this issue are greater than its security impact. This issue is not currently planned to be addressed in future xen updates for Red Hat Enterprise Linux 5.", "threat_severity": "Important"}