Vulnerability CVE-2013-4371

Vulnerability Name:

CVE-2013-4371 (CCN-87797)

Assigned:

2013-10-10

Published:

2013-10-10

Updated:

2017-01-07

Summary:

Use-after-free vulnerability in the libxl_list_cpupool function in the libxl toolstack library in Xen 4.2.x and 4.3.x, when running "under memory pressure," returns the original pointer when the realloc function fails, which allows local users to cause a denial of service (heap corruption and crash) and possibly execute arbitrary code via unspecified vectors.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

4.4 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P)
3.2 Low (Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Type:

CWE-399

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2013-4371

Source: CCN
Type: XSA-70
use-after-free in libxl_list_cpupool under memory pressure

Source: GENTOO
Type: UNKNOWN
GLSA-201407-03

Source: MLIST
Type: UNKNOWN
[oss-security] 20131010 Xen Security Advisory 70 (CVE-2013-4371) - use-after-free in libxl_list_cpupool under memory pressure

Source: CCN
Type: OSVDB ID: 98287
Xen libxl_list_cpupool Multithreaded Toolstack Use-after-free Local DoS

Source: CCN
Type: BID-62932
Xen CVE-2013-4371 Use After Free Remote Denial of Service Vulnerability

Source: XF
Type: UNKNOWN
xen-cve20134371-dos(87797)

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2013-4371

Vulnerable Configuration:

Configuration 1:

cpe:/o:xen:xen:4.2.0:*:*:*:*:*:*:*

OR cpe:/o:xen:xen:4.2.1:*:*:*:*:*:*:*

OR cpe:/o:xen:xen:4.2.2:*:*:*:*:*:*:*

OR cpe:/o:xen:xen:4.2.3:*:*:*:*:*:*:*

OR cpe:/o:xen:xen:4.3.0:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:xensource:xen:4.1:*:*:*:*:*:*:*

OR cpe:/a:xensource:xen:4.2:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20134371	V	CVE-2013-4371	2022-05-20
oval:org.opensuse.security:def:34683	P	Security update for ghostscript (Moderate)	2022-01-14
oval:org.opensuse.security:def:26218	P	Security update for java-1_8_0-ibm (Important) (in QA)	2022-01-04
oval:org.opensuse.security:def:30282	P	Security update for glib-networking (Important)	2021-12-13
oval:org.opensuse.security:def:55975	P	Security update for java-1_8_0-openjdk (Important)	2021-11-23
oval:org.opensuse.security:def:34593	P	Security update for postgresql, postgresql13, postgresql14 (Important)	2021-11-20
oval:org.opensuse.security:def:26161	P	Security update for samba (Important)	2021-11-10
oval:org.opensuse.security:def:56087	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:57518	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:26143	P	Security update for curl (Moderate)	2021-10-11
oval:org.opensuse.security:def:26132	P	Security update for MozillaFirefox (Important)	2021-09-22
oval:org.opensuse.security:def:26131	P	Security update for xen (Moderate)	2021-09-21
oval:org.opensuse.security:def:34536	P	Security update for mariadb (Moderate)	2021-09-09
oval:org.opensuse.security:def:32160	P	Security update for djvulibre (Important)	2021-08-05
oval:org.opensuse.security:def:56049	P	Security update for linuxptp (Important)	2021-07-21
oval:org.opensuse.security:def:31647	P	Security update for libgcrypt (Important)	2021-06-24
oval:org.opensuse.security:def:26080	P	Security update for libnettle (Important)	2021-06-23
oval:org.opensuse.security:def:36582	P	xen-devel-4.4.2_08-1.7 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:30208	P	Security update for spice (Important)	2021-06-08
oval:org.opensuse.security:def:42734	P	xen-4.4.2_08-1.7 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:36327	P	xen-4.4.2_08-1.7 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:32103	P	Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP3) (Important)	2021-06-04
oval:org.opensuse.security:def:30196	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:30197	P	Security update for graphviz (Critical)	2021-05-19
oval:org.opensuse.security:def:57444	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:55883	P	Security update for spamassassin (Important)	2021-04-12
oval:org.opensuse.security:def:26207	P	Security update for openssl-1_1 (Moderate)	2021-03-09
oval:org.opensuse.security:def:32247	P	Security update for the Linux Kernel (Live Patch 33 for SLE 12 SP3) (Important)	2021-02-10
oval:org.opensuse.security:def:34438	P	Security update for perl-Convert-ASN1 (Moderate)	2021-01-19
oval:org.opensuse.security:def:55218	P	Security update for openssh (Moderate)	2021-01-05
oval:org.opensuse.security:def:31685	P	Security update for java-1_8_0-ibm (Moderate)	2021-01-05
oval:org.opensuse.security:def:55775	P	Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP2) (Important)	2020-12-07
oval:org.opensuse.security:def:32011	P	Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP3) (Important)	2020-12-07
oval:org.opensuse.security:def:35696	P	file-32bit-4.24-43.19.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35737	P	libadns1-1.4-73.21 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:28855	P	Security update for python-setuptools (Important)	2020-12-02
oval:org.opensuse.security:def:26470	P	Security update for git-annex (Moderate)	2020-12-01
oval:org.opensuse.security:def:26800	P	pango on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27137	P	gnutls on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27872	P	Recommended update for python-setuptools (Moderate)	2020-12-01
oval:org.opensuse.security:def:27406	P	gd-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27691	P	Security update for xorg-x11-libXt	2020-12-01
oval:org.opensuse.security:def:28036	P	Security update for bzr (Moderate)	2020-12-01
oval:org.opensuse.security:def:28182	P	Security update for kernel modules packages (Moderate)	2020-12-01
oval:org.opensuse.security:def:30414	P	Security update for xorg-x11-libX11 (Moderate)	2020-12-01
oval:org.opensuse.security:def:30802	P	Security update for bzip2 (Important)	2020-12-01
oval:org.opensuse.security:def:30965	P	Security update for grub2 (Important)	2020-12-01
oval:org.opensuse.security:def:54807	P	hyper-v on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:55490	P	Security update for libssh2_org (Moderate)	2020-12-01
oval:org.opensuse.security:def:31805	P	Security update for apache2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:32508	P	expat on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33251	P	rsyslog on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:34207	P	Security update for perl-DBI (Important)	2020-12-01
oval:org.opensuse.security:def:34900	P	Security update for dhcp (Moderate)	2020-12-01
oval:org.opensuse.security:def:35058	P	Security update for java-1_6_0-ibm (Moderate)	2020-12-01
oval:org.opensuse.security:def:25877	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:26506	P	Security update for chromium (Important)	2020-12-01
oval:org.opensuse.security:def:26652	P	xorg-x11 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26335	P	security update for go (Low)	2020-12-01
oval:org.opensuse.security:def:26708	P	glibc on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26863	P	apache2-mod_jk on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26534	P	curl on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26884	P	dhcpcd on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27176	P	libblkid1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27907	P	Security update for Xen	2020-12-01
oval:org.opensuse.security:def:27417	P	ibutils on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27748	P	Security update for freetype2	2020-12-01
oval:org.opensuse.security:def:28085	P	Security update for gd (Moderate)	2020-12-01
oval:org.opensuse.security:def:28820	P	Security update for Python	2020-12-01
oval:org.opensuse.security:def:30503	P	Security update for Mozilla Firefox	2020-12-01
oval:org.opensuse.security:def:30857	P	Security update for dnsmasq (Moderate)	2020-12-01
oval:org.opensuse.security:def:31009	P	Security update for java-1_6_0-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:54644	P	pam_krb5 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:55045	P	xscreensaver on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31879	P	Security update for dhcp (Moderate)	2020-12-01
oval:org.opensuse.security:def:32547	P	libapr-util1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33290	P	xen on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:34218	P	Security update for php5 (Important)	2020-12-01
oval:org.opensuse.security:def:34949	P	Security update for Mozilla Firefox (Important)	2020-12-01
oval:org.opensuse.security:def:25888	P	Security update for flash-player (Critical)	2020-12-01
oval:org.opensuse.security:def:26555	P	glib2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27290	P	shim on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26416	P	Security update for nginx (Moderate)	2020-12-01
oval:org.opensuse.security:def:26761	P	libpulse-browse0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26907	P	gnome-screensaver on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26458	P	Security update for phpMyAdmin (Moderate)	2020-12-01
oval:org.opensuse.security:def:26662	P	PackageKit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27035	P	sudo on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27190	P	libicu-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27481	P	librsvg-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27832	P	Security update for lxc (Moderate)	2020-12-01
oval:org.opensuse.security:def:28124	P	Security update for gtk2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:30560	P	Security update for OpenSSL	2020-12-01
oval:org.opensuse.security:def:30906	P	Security update for freeradius-server (Moderate)	2020-12-01
oval:org.opensuse.security:def:54645	P	pam_ssh on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:56168	P	Security update for cvs (Moderate)	2020-12-01
oval:org.opensuse.security:def:31793	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:32403	P	Security update for vim (Moderate)	2020-12-01
oval:org.opensuse.security:def:32569	P	libsoup-2_4-1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:34302	P	Security update for quagga	2020-12-01
oval:org.opensuse.security:def:34988	P	Security update for glib2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25952	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:26302	P	Security update for python-PyYAML (Moderate)	2020-12-01
oval:org.opensuse.security:def:26594	P	libopensc2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27325	P	xen on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26473	P	Security update for Chromium (Important)	2020-12-01
oval:org.opensuse.security:def:26810	P	pure-ftpd on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27545	P	python-imaging on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26459	P	Security update for chromium (Important)	2020-12-01
oval:org.opensuse.security:def:26743	P	libdrm on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27088	P	automake on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27234	P	logwatch on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27405	P	fvwm2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27609	P	Security update for pidgin	2020-12-01
oval:org.opensuse.security:def:27983	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:28138	P	Security update for java-1_7_1-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:30647	P	Security update for xorg-x11-libxcb	2020-12-01
oval:org.opensuse.security:def:30945	P	Security update for glibc (Moderate)	2020-12-01
oval:org.opensuse.security:def:54667	P	qemu on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:55324	P	libzzip-0-13 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31794	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:32459	P	Security update for xorg-x11-libX11 (Important)	2020-12-01
oval:org.opensuse.security:def:32613	P	wget on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:34206	P	Security update for perl-DBD-mysql (Moderate)	2020-12-01
oval:org.opensuse.security:def:34842	P	Security update for bind (Moderate)	2020-12-01
oval:org.opensuse.security:def:35014	P	Security update for gpg2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25876	P	Security update for libssh (Moderate)	2020-12-01
oval:org.opensuse.security:def:26453	P	Security update for kauth (Moderate)	2020-12-01
oval:org.opensuse.security:def:26608	P	libxml2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26557	P	gnome-screensaver on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26849	P	zoo on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27580	P	xen-devel on GA media (Moderate)	2020-12-01
oval:org.mitre.oval:def:24980	P	SUSE-SU-2013:1774-1 -- Security update for Xen	2014-09-08
oval:org.opensuse.security:def:80152	P	Security update for Xen	2013-10-29
oval:com.ubuntu.precise:def:20134371000	V	CVE-2013-4371 on Ubuntu 12.04 LTS (precise) - low.	2013-10-17

BACK