CVE-2013-5651 - Vulnerability Details

The virBitmapParse function in util/virbitmap.c in libvirt before 1.1.2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a crafted bitmap, as demonstrated by a large nodeset value to numatune.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Redhat	Libvirt

Configuration 1 [-]

OR	cpe:2.3:a:redhat:libvirt::::::::
	cpe:2.3:a:redhat:libvirt:0.0.1:::::::*
	cpe:2.3:a:redhat:libvirt:0.0.2:::::::*
	cpe:2.3:a:redhat:libvirt:0.0.3:::::::*
	cpe:2.3:a:redhat:libvirt:0.0.4:::::::*
	cpe:2.3:a:redhat:libvirt:0.0.5:::::::*
	cpe:2.3:a:redhat:libvirt:0.0.6:::::::*
	cpe:2.3:a:redhat:libvirt:0.1.0:::::::*
	cpe:2.3:a:redhat:libvirt:0.1.1:::::::*
	cpe:2.3:a:redhat:libvirt:0.1.3:::::::*
	cpe:2.3:a:redhat:libvirt:0.1.4:::::::*
	cpe:2.3:a:redhat:libvirt:0.1.5:::::::*
	cpe:2.3:a:redhat:libvirt:0.1.6:::::::*
	cpe:2.3:a:redhat:libvirt:0.1.7:::::::*
	cpe:2.3:a:redhat:libvirt:0.1.8:::::::*
	cpe:2.3:a:redhat:libvirt:0.1.9:::::::*
	cpe:2.3:a:redhat:libvirt:0.2.0:::::::*
	cpe:2.3:a:redhat:libvirt:0.2.1:::::::*
	cpe:2.3:a:redhat:libvirt:0.2.2:::::::*
	cpe:2.3:a:redhat:libvirt:0.2.3:::::::*
	cpe:2.3:a:redhat:libvirt:0.3.0:::::::*
	cpe:2.3:a:redhat:libvirt:0.3.1:::::::*
	cpe:2.3:a:redhat:libvirt:0.3.2:::::::*
	cpe:2.3:a:redhat:libvirt:0.3.3:::::::*
	cpe:2.3:a:redhat:libvirt:0.4.0:::::::*
	cpe:2.3:a:redhat:libvirt:0.4.1:::::::*
	cpe:2.3:a:redhat:libvirt:0.4.2:::::::*
	cpe:2.3:a:redhat:libvirt:0.4.3:::::::*
	cpe:2.3:a:redhat:libvirt:0.4.4:::::::*
	cpe:2.3:a:redhat:libvirt:0.4.5:::::::*
	cpe:2.3:a:redhat:libvirt:0.4.6:::::::*
	cpe:2.3:a:redhat:libvirt:0.5.0:::::::*
	cpe:2.3:a:redhat:libvirt:0.5.1:::::::*
	cpe:2.3:a:redhat:libvirt:0.6.0:::::::*
	cpe:2.3:a:redhat:libvirt:0.6.1:::::::*
	cpe:2.3:a:redhat:libvirt:0.6.2:::::::*
	cpe:2.3:a:redhat:libvirt:0.6.3:::::::*
	cpe:2.3:a:redhat:libvirt:0.6.4:::::::*
	cpe:2.3:a:redhat:libvirt:0.6.5:::::::*
	cpe:2.3:a:redhat:libvirt:0.7.0:::::::*
	cpe:2.3:a:redhat:libvirt:0.7.1:::::::*
	cpe:2.3:a:redhat:libvirt:0.7.2:::::::*
	cpe:2.3:a:redhat:libvirt:0.7.3:::::::*
	cpe:2.3:a:redhat:libvirt:0.7.4:::::::*
	cpe:2.3:a:redhat:libvirt:0.7.5:::::::*
	cpe:2.3:a:redhat:libvirt:0.7.6:::::::*
	cpe:2.3:a:redhat:libvirt:0.7.7:::::::*
	cpe:2.3:a:redhat:libvirt:0.8.0:::::::*
	cpe:2.3:a:redhat:libvirt:0.8.1:::::::*
	cpe:2.3:a:redhat:libvirt:0.8.2:::::::*
	cpe:2.3:a:redhat:libvirt:0.8.3:::::::*
	cpe:2.3:a:redhat:libvirt:0.8.4:::::::*
	cpe:2.3:a:redhat:libvirt:0.8.5:::::::*
	cpe:2.3:a:redhat:libvirt:0.8.6:::::::*
	cpe:2.3:a:redhat:libvirt:0.8.7:::::::*
	cpe:2.3:a:redhat:libvirt:0.8.8:::::::*
	cpe:2.3:a:redhat:libvirt:0.9.0:::::::*
	cpe:2.3:a:redhat:libvirt:0.9.1:::::::*
	cpe:2.3:a:redhat:libvirt:0.9.2:::::::*
	cpe:2.3:a:redhat:libvirt:0.9.3:::::::*
	cpe:2.3:a:redhat:libvirt:0.9.4:::::::*
	cpe:2.3:a:redhat:libvirt:0.9.5:::::::*
	cpe:2.3:a:redhat:libvirt:0.9.6:::::::*
	cpe:2.3:a:redhat:libvirt:0.9.6.1:::::::*
cpe:2.3:a:redhat:libvirt:0.9.6.2:::::::*
cpe:2.3:a:redhat:libvirt:0.9.6.3:::::::*
cpe:2.3:a:redhat:libvirt:0.9.7:::::::*
cpe:2.3:a:redhat:libvirt:0.9.8:::::::*
cpe:2.3:a:redhat:libvirt:0.9.9:::::::*
cpe:2.3:a:redhat:libvirt:0.9.10:::::::*
cpe:2.3:a:redhat:libvirt:0.9.11:::::::*
cpe:2.3:a:redhat:libvirt:0.9.11.1:::::::*
cpe:2.3:a:redhat:libvirt:0.9.11.2:::::::*
cpe:2.3:a:redhat:libvirt:0.9.11.3:::::::*
cpe:2.3:a:redhat:libvirt:0.9.11.4:::::::*
cpe:2.3:a:redhat:libvirt:0.9.11.5:::::::*
cpe:2.3:a:redhat:libvirt:0.9.11.6:::::::*
cpe:2.3:a:redhat:libvirt:0.9.11.7:::::::*
cpe:2.3:a:redhat:libvirt:0.9.11.8:::::::*
cpe:2.3:a:redhat:libvirt:0.9.12:::::::*
cpe:2.3:a:redhat:libvirt:0.9.13:::::::*
cpe:2.3:a:redhat:libvirt:0.10.0:::::::*
cpe:2.3:a:redhat:libvirt:0.10.1:::::::*
cpe:2.3:a:redhat:libvirt:0.10.2:::::::*
cpe:2.3:a:redhat:libvirt:0.10.2.1:::::::*
cpe:2.3:a:redhat:libvirt:0.10.2.2:::::::*
cpe:2.3:a:redhat:libvirt:0.10.2.3:::::::*
cpe:2.3:a:redhat:libvirt:0.10.2.4:::::::*
cpe:2.3:a:redhat:libvirt:0.10.2.5:::::::*
cpe:2.3:a:redhat:libvirt:0.10.2.6:::::::*
cpe:2.3:a:redhat:libvirt:0.10.2.7:::::::*
cpe:2.3:a:redhat:libvirt:0.10.2.8:::::::*
cpe:2.3:a:redhat:libvirt:1.0.0:::::::*
cpe:2.3:a:redhat:libvirt:1.0.1:::::::*
cpe:2.3:a:redhat:libvirt:1.0.2:::::::*
cpe:2.3:a:redhat:libvirt:1.0.3:::::::*
cpe:2.3:a:redhat:libvirt:1.0.4:::::::*
cpe:2.3:a:redhat:libvirt:1.0.5:::::::*
cpe:2.3:a:redhat:libvirt:1.0.5.1:::::::*
cpe:2.3:a:redhat:libvirt:1.0.5.2:::::::*
cpe:2.3:a:redhat:libvirt:1.0.5.3:::::::*
cpe:2.3:a:redhat:libvirt:1.0.5.4:::::::*
cpe:2.3:a:redhat:libvirt:1.0.5.5:::::::*
cpe:2.3:a:redhat:libvirt:1.0.5.6:::::::*
cpe:2.3:a:redhat:libvirt:1.0.6:::::::*
cpe:2.3:a:redhat:libvirt:1.1.0:::::::*

No data.

References

Link	Providers
http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=47b9127e883677a0d60d767030a147450e919a25
http://libvirt.org/news.html
http://lists.opensuse.org/opensuse-updates/2013-10/msg00024.html
http://secunia.com/advisories/60895
http://security.gentoo.org/glsa/glsa-201412-04.xml
http://www.openwall.com/lists/oss-security/2013/08/30/1
http://www.ubuntu.com/usn/USN-1954-1
https://bugzilla.redhat.com/show_bug.cgi?id=997367
https://nvd.nist.gov/vuln/detail/CVE-2013-5651
https://www.cve.org/CVERecord?id=CVE-2013-5651

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2013-09-30T21:00:00

Updated: 2024-08-06T17:15:21.455Z

Reserved: 2013-08-30T00:00:00

Link: CVE-2013-5651

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2013-09-30T21:55:09.660

Modified: 2025-04-11T00:51:21.963

Link: CVE-2013-5651

Redhat

Severity : Moderate

Publid Date: 2013-08-29T00:00:00Z

Links: CVE-2013-5651 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-08-15T00:00:00", "descriptions": [{"lang": "en", "value": "The virBitmapParse function in util/virbitmap.c in libvirt before 1.1.2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a crafted bitmap, as demonstrated by a large nodeset value to numatune."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-12-12T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://libvirt.org/news.html"}, {"name": "60895", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/60895"}, {"name": "GLSA-201412-04", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=47b9127e883677a0d60d767030a147450e919a25"}, {"name": "USN-1954-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-1954-1"}, {"name": "[oss-security] 20130830 Re: CVE request -- libvirt: virBitmapParse out-of-bounds read access", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2013/08/30/1"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=997367"}, {"name": "openSUSE-SU-2013:1550", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00024.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-5651", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The virBitmapParse function in util/virbitmap.c in libvirt before 1.1.2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a crafted bitmap, as demonstrated by a large nodeset value to numatune."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://libvirt.org/news.html", "refsource": "CONFIRM", "url": "http://libvirt.org/news.html"}, {"name": "60895", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/60895"}, {"name": "GLSA-201412-04", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"}, {"name": "http://libvirt.org/git/?p=libvirt.git;a=commit;h=47b9127e883677a0d60d767030a147450e919a25", "refsource": "CONFIRM", "url": "http://libvirt.org/git/?p=libvirt.git;a=commit;h=47b9127e883677a0d60d767030a147450e919a25"}, {"name": "USN-1954-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1954-1"}, {"name": "[oss-security] 20130830 Re: CVE request -- libvirt: virBitmapParse out-of-bounds read access", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2013/08/30/1"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=997367", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=997367"}, {"name": "openSUSE-SU-2013:1550", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00024.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T17:15:21.455Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://libvirt.org/news.html"}, {"name": "60895", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/60895"}, {"name": "GLSA-201412-04", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=47b9127e883677a0d60d767030a147450e919a25"}, {"name": "USN-1954-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-1954-1"}, {"name": "[oss-security] 20130830 Re: CVE request -- libvirt: virBitmapParse out-of-bounds read access", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2013/08/30/1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=997367"}, {"name": "openSUSE-SU-2013:1550", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00024.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-5651", "datePublished": "2013-09-30T21:00:00", "dateReserved": "2013-08-30T00:00:00", "dateUpdated": "2024-08-06T17:15:21.455Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*", "matchCriteriaId": "1D5F40A1-DE55-47FC-B223-BAB76885A8AC", "versionEndIncluding": "1.1.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "4AFF5EF5-280A-499B-BD63-361EDC49A923", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "C2A0DD5B-AFDD-4DA4-B19C-2CA73FA9B477", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "DE616C79-74E0-4876-83D7-BE04CB954F92", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "87FF4782-A017-4D6F-9588-BE0AD4AA04E1", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "4B7FDA56-4C79-4D79-9EDA-8A936C7D8DE9", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "FF62226E-E4FE-4AF5-86A2-344148158A22", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "C540F8A3-E12A-403B-81D2-CDB28DE03E47", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "A0900588-EBF9-4459-B1D7-588B72E40689", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "FE650A9D-D12D-43C5-B276-B3116CF096F0", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "359F1970-822B-4430-86EB-15091B2B4338", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "D08DB661-40DF-4234-9F6B-2EE0746FAC8F", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "E86D1293-6881-4F9D-B245-E16040921DF1", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "C49F1101-0845-478F-BEA1-67185A763D37", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "4F1FDF3E-87F8-4CBF-99F8-DBB03C7D2318", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "DA319732-E860-459E-9C20-ED31D90510DE", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "06B16020-5330-4F99-8DD3-8B4037E22CFB", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "9BCA6D83-281F-4B28-9CB2-253614017B5B", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "FEBBD0C7-F9D3-48D4-8D76-1FAFFB049300", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "C97CB42C-C89F-4BE6-80AC-A020EBF369FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "FCC2F2D6-90E3-4306-A29A-0A507BDF889C", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "AB533B81-AFF3-442E-A499-555F2181F64D", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "53AD34A3-9097-4375-BB30-CAED13987396", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "80E37E3B-18A8-4D34-9400-2C18D0DBAAAA", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "36EAE07C-284D-4BEB-ABDF-28C157B3B90B", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "E28C5275-39D4-4C7C-A064-70161FE35802", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "643D7C4C-6BD9-49CE-A7FD-819300CA955C", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "77476F3F-A914-4EC6-9488-189BD9E1AE6A", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "B22C7B3D-169D-45CC-B1C1-9864991B3E05", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "3D6D1F10-2908-42E0-8D8F-1FBBC804505D", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "FC9ABBF2-B1AD-446A-A3D2-E103D1B411A7", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "450BD95B-5CE1-49E7-B6DB-6C14D9115CC1", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "508578FC-BDC7-4B44-9F98-BD6CD657F57B", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "FD25F37B-C666-4EDB-AD77-CCE04A800348", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "B8903EA9-D354-4C9E-B308-653689534AFE", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "F811BE37-6F53-4663-819F-E954787C345B", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "2886A659-24BD-483B-8FCD-5BC21573EE42", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "65FD148D-0088-47D5-AAC1-E0E990F9D170", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "84613074-CFA0-4C0B-B896-0751F652EA71", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "2BCCF73F-8542-4955-ACD6-44F199D49CB3", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "05C7EF0F-C069-424A-9B3F-D07C72450ADA", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "5F25DF6A-34D5-4D5B-AFAF-7A21202460EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "B67C29ED-2975-47F0-AE75-875A380ECC56", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "EC90B806-1FB3-434E-A664-2842AD3BA9CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "8DCDC5B5-1DD4-4FF4-8AB4-D38F5418B873", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "0054B43A-F844-47C8-B03A-01696117B7E7", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "A5C78A50-0F41-405C-9ABA-EE088D0ABE60", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "8322F4E2-0AD0-497B-871E-233C0E0F1490", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "E41CEF32-4998-41D5-B971-12E7F4E39FB9", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "E43FD74C-5986-4E9E-9C4F-9891133084A7", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "8D504B27-7BD0-4CB1-B8CA-76B7C537A4C3", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "CBFD9B43-52BA-4FF9-84A1-369B1A96A166", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "10EE76EF-44D3-4645-B1E7-5BCFB4CB4204", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "934215BC-33D1-453F-B49B-23B52E580214", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "F274792B-F190-4A23-A551-6B07EA4028B1", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.8.8:*:*:*:*:*:*:*", "matchCriteriaId": "F9D67FBC-4009-4FC1-B0CF-AA3C1505C2F4", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "E2059834-5A26-4DB9-B400-DBBE15690AAB", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "F2F6277D-6732-44BA-91B4-D57877E011BD", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "2553A171-A830-4540-8CC6-51275F72AAEB", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "61C2C484-7AAB-475C-A44E-6D9DCF597DD8", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "04A75CCF-28E1-44CC-962C-C56A4F64B370", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "B0E8A1AF-740A-454C-8019-B52654589603", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.9.6:*:*:*:*:*:*:*", "matchCriteriaId": "F040825C-C457-40A1-A04C-F362289E13F7", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.9.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "E04748DC-4F9F-4BC2-A3D7-EAC3B73C5A8D", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.9.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "E5F45083-97C6-466F-9D67-057DDD08CFD6", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.9.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "F906DC41-4724-4F81-9402-4EA3BC3F38A0", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.9.7:*:*:*:*:*:*:*", "matchCriteriaId": "3327FB7D-92DB-479F-BF1C-2565C8F1B25C", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.9.8:*:*:*:*:*:*:*", "matchCriteriaId": "48F55C0A-3E6E-4E24-81D7-F023728E486A", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.9.9:*:*:*:*:*:*:*", "matchCriteriaId": "ACB7C00E-DF4E-40AF-A503-202A2FE03D5E", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.9.10:*:*:*:*:*:*:*", "matchCriteriaId": "6AB4E8A8-2B6C-4287-937B-C67A97EAB67A", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.9.11:*:*:*:*:*:*:*", "matchCriteriaId": "53C3F149-D917-4BB6-B264-F316DD96D2B0", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.9.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "10857CB9-D8B1-4EB4-8D93-E0DCC05F0C35", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.9.11.2:*:*:*:*:*:*:*", "matchCriteriaId": "153AE3B9-F951-4AE5-9456-934E15445054", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.9.11.3:*:*:*:*:*:*:*", "matchCriteriaId": "CEE87D15-DA60-4F89-BCFD-9CAB68111D70", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.9.11.4:*:*:*:*:*:*:*", "matchCriteriaId": "9BD8C1F3-5920-4684-BD05-6FA88EDAB64F", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.9.11.5:*:*:*:*:*:*:*", "matchCriteriaId": "60C81865-E1DB-40DA-9BB7-CE32C9EC4561", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.9.11.6:*:*:*:*:*:*:*", "matchCriteriaId": "C1DC7BA8-ED6D-42C2-87EC-42F85CD276C0", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.9.11.7:*:*:*:*:*:*:*", "matchCriteriaId": "0AD99520-DF9D-4012-ADDB-14468FDEFB6D", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.9.11.8:*:*:*:*:*:*:*", "matchCriteriaId": "780A2EC8-5D4B-40B0-9A5A-EDC020554D47", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.9.12:*:*:*:*:*:*:*", "matchCriteriaId": "78C18997-7086-4BB0-8490-EDB5394951F6", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.9.13:*:*:*:*:*:*:*", "matchCriteriaId": "37F280ED-37E3-4AB5-9BF1-AC935D904503", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "0AC1F6BC-AB75-45F7-B846-D8900A0C690A", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "97F5B122-AE6D-479F-BC46-66E3F729A7D6", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "3C433B92-DE77-4B44-BE9D-98449FC7BF1B", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.10.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "28132532-C0C7-4EAE-ADAE-3ADA58AE2EC0", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.10.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "3DA73633-136A-422F-AF77-2C29224C6981", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.10.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "6310759E-ADFB-4DF4-8D10-4DDC42D29AE2", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.10.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "7E2B1536-6671-4508-BC7D-6F11408B3CF0", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.10.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "AA7D7BAB-A2EC-4DD9-A7B8-D5806CD5F306", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.10.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "94E85C10-0192-46B4-828D-52BAE6A6F69C", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.10.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "52AF89AC-A906-479F-85AA-E9D47A83778F", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.10.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "D60D834F-926B-416B-AB66-FCD7981DDCF1", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E13A6AAE-BC1B-4CE1-B747-84F9C6B3FF73", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "6DDA1805-ED8A-44AA-96FF-E676D278CCFD", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "BBD82EEA-279F-42CA-8F4C-A4D57EEBAB0D", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "320C2182-DBCF-4564-940A-D12673C73543", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "EB635DBE-29F1-4055-A064-42539FC811C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "67B77F63-C9AC-42D4-B9E2-4BBE196AC254", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.0.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "3256288E-5A49-4DCD-AE30-6B4E21AEF970", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.0.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "25E764AE-3B7C-4378-97C5-10E835511684", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.0.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "49FEFFA5-371E-4B1D-AAAE-C71AEB79A4AF", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.0.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "F982F65C-CBF9-4EE6-8FD6-C965141E42C9", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.0.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "F4BF8152-79A4-48C6-88EB-9D3FA7466844", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.0.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "A9E4DCDE-4D85-4339-99CB-70A464FA2EE9", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "E03AF346-6F4E-4BEA-B29E-9C9C04148843", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "54FAE380-0E7E-4468-A07B-5A9A3504F681", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The virBitmapParse function in util/virbitmap.c in libvirt before 1.1.2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a crafted bitmap, as demonstrated by a large nodeset value to numatune."}, {"lang": "es", "value": "La funci\u00f3n virBitmapParse en util/virbitmap.c en libvirt anterior a v1.1.2 permite a atacantes dependientes del contexto provocar una denegaci\u00f3n de servicio (lectura fuera de rango y ca\u00edda) a trav\u00e9s de un mapa de bits manipulado, como se demostr\u00f3 mediante un valor largo nodeset a numatune."}], "id": "CVE-2013-5651", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-09-30T21:55:09.660", "references": [{"source": "cve@mitre.org", "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=47b9127e883677a0d60d767030a147450e919a25"}, {"source": "cve@mitre.org", "url": "http://libvirt.org/news.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00024.html"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/60895"}, {"source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.openwall.com/lists/oss-security/2013/08/30/1"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-1954-1"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=997367"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=47b9127e883677a0d60d767030a147450e919a25"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://libvirt.org/news.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00024.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/60895"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.openwall.com/lists/oss-security/2013/08/30/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-1954-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=997367"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "libvirt: virBitmapParse out-of-bounds read access", "id": "1006493", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1006493"}, "csaw": false, "cvss": {"cvss_base_score": "3.3", "cvss_scoring_vector": "AV:A/AC:L/Au:N/C:N/I:N/A:P", "status": "draft"}, "cwe": "CWE-125", "details": ["The virBitmapParse function in util/virbitmap.c in libvirt before 1.1.2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a crafted bitmap, as demonstrated by a large nodeset value to numatune."], "name": "CVE-2013-5651", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "libvirt", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "libvirt", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "libvirt", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2013-08-29T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2013-5651\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-5651"], "statement": "Not vulnerable.\nThis issue did not affect the versions of libvirt package as shipped with Red Hat Enterprise Linux 5 and 6.", "threat_severity": "Moderate"}

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object