Vulnerability Name:
CVE-2013-5651 (CCN-86801)
Assigned:
2013-08-22
Published:
2013-08-22
Updated:
2015-01-03
Summary:
The virBitmapParse function in util/virbitmap.c in libvirt before 1.1.2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a crafted bitmap, as demonstrated by a large nodeset value to numatune.
CVSS v3 Severity:
5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope:
Scope (S):
Unchanged
Impact Metrics:
Confidentiality (C):
None
Integrity (I):
None
Availability (A):
Low
CVSS v2 Severity:
5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.9 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Low
Authentication (Au):
None
Impact Metrics:
Confidentiality (C):
None
Integrity (I):
None
Availability (A):
Partial
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
3.4 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Medium
Authentication (Au):
None
Impact Metrics:
Confidentiality (C):
None
Integrity (I):
None
Availability (A):
Partial
Vulnerability Type:
CWE-119
Vulnerability Consequences:
Denial of Service
References:
Source: MITRE
Type: CNA
CVE-2013-5651
Source: CCN
Type: libvirt Web site
libvirt: The virtualization API
Source: CONFIRM
Type: Patch
http://libvirt.org/git/?p=libvirt.git;a=commit;h=47b9127e883677a0d60d767030a147450e919a25
Source: CONFIRM
Type: UNKNOWN
http://libvirt.org/news.html
Source: SUSE
Type: UNKNOWN
openSUSE-SU-2013:1550
Source: CCN
Type: oss-sec mailing list, Thu, 29 Aug 2013 16:20:00 +0200
CVE request -- libvirt: virBitmapParse out-of-bounds read access
Source: SECUNIA
Type: UNKNOWN
60895
Source: GENTOO
Type: UNKNOWN
GLSA-201412-04
Source: MLIST
Type: Patch
[oss-security] 20130830 Re: CVE request -- libvirt: virBitmapParse out-of-bounds read access
Source: CCN
Type: BID-62070
libvirt 'virBitmapParse()' Function Denial of Service Vulnerability
Source: UBUNTU
Type: UNKNOWN
USN-1954-1
Source: CCN
Type: Red Hat Bugzilla Bug 997367
Running numatune with invalid nodeset parameter crash libvirtd
Source: CONFIRM
Type: Exploit, Patch
https://bugzilla.redhat.com/show_bug.cgi?id=997367
Source: XF
Type: UNKNOWN
libvirt-virbitmapparse-dos(86801)
Vulnerable Configuration:
Configuration 1:
cpe:/a:redhat:libvirt:0.0.1:*:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:0.0.2:*:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:0.0.3:*:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:0.0.4:*:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:0.0.5:*:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:0.0.6:*:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:0.1.0:*:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:0.1.1:*:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:0.1.3:*:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:0.1.4:*:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:0.1.5:*:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:0.1.6:*:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:0.1.7:*:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:0.1.8:*:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:0.1.9:*:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:0.2.0:*:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:0.2.1:*:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:0.2.2:*:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:0.2.3:*:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:0.3.0:*:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:0.3.1:*:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:0.3.2:*:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:0.3.3:*:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:0.4.0:*:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:0.4.1:*:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:0.4.2:*:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:0.4.3:*:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:0.4.4:*:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:0.4.5:*:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:0.4.6:*:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:0.5.0:*:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:0.5.1:*:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:0.6.0:*:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:0.6.1:*:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:0.6.2:*:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:0.6.3:*:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:0.6.4:*:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:0.6.5:*:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:0.7.0:*:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:0.7.1:*:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:0.7.2:*:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:0.7.3:*:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:0.7.4:*:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:0.7.5:*:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:0.7.6:*:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:0.7.7:*:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:0.8.0:*:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:0.8.1:*:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:0.8.2:*:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:0.8.3:*:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:0.8.4:*:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:0.8.5:*:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:0.8.6:*:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:0.8.7:*:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:0.8.8:*:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:0.9.0:*:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:0.9.1:*:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:0.9.2:*:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:0.9.3:-:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:0.9.4:-:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:0.9.5:-:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:0.9.6:*:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:0.9.6.1:*:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:0.9.6.2:*:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:0.9.6.3:*:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:0.9.7:*:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:0.9.8:-:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:0.9.9:*:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:0.9.10:-:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:0.9.11:-:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:0.9.11.1:*:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:0.9.11.2:*:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:0.9.11.3:*:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:0.9.11.4:*:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:0.9.11.5:*:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:0.9.11.6:*:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:0.9.11.7:*:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:0.9.11.8:*:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:0.9.12:-:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:0.9.13:-:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:0.10.0:-:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:0.10.1:*:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:0.10.2:-:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:0.10.2.1:*:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:0.10.2.2:*:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:0.10.2.3:*:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:0.10.2.4:*:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:0.10.2.5:*:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:0.10.2.6:*:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:0.10.2.7:*:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:0.10.2.8:*:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:1.0.0:-:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:1.0.1:-:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:1.0.2:-:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:1.0.3:-:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:1.0.4:-:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:1.0.5:-:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:1.0.5.1:*:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:1.0.5.2:*:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:1.0.5.3:*:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:1.0.5.4:*:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:1.0.5.5:*:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:1.0.5.6:*:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:1.0.6:-:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:1.1.0:-:*:*:*:*:*:*
OR
cpe:/a:redhat:libvirt:*:*:*:*:*:*:*:*
(Version <= 1.1.1)
Configuration CCN 1:
cpe:/a:libvirt:libvirt:0.2.0:*:*:*:*:*:*:*
Oval Definitions
Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:20135651 | V | CVE-2013-5651 | 2022-05-20
oval:org.opensuse.security:def:31705 | P | Security update for postgresql, postgresql13, postgresql14 (Important) | 2021-11-20
oval:org.opensuse.security:def:31694 | P | Security update for util-linux (Moderate) | 2021-10-19
oval:org.opensuse.security:def:31693 | P | Security update for MozillaFirefox (Important) | 2021-10-15
oval:org.opensuse.security:def:26124 | P | Security update for openssl-1_1 (Low) | 2021-09-09
oval:org.opensuse.security:def:26118 | P | Security update for php72 (Important) | 2021-09-02
oval:org.opensuse.security:def:32147 | P | Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP3) (Important) | 2021-07-21
oval:org.opensuse.security:def:36499 | P | libvirt-devel-1.2.5-3.76 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:42634 | P | libvirt-1.2.5-3.76 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:36227 | P | libvirt-1.2.5-3.76 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:26060 | P | Security update for postgresql13 (Moderate) | 2021-05-27
oval:org.opensuse.security:def:26049 | P | Security update for lz4 (Important) | 2021-05-14
oval:org.opensuse.security:def:26048 | P | Security update for the Linux Kernel (Important) | 2021-05-13
oval:org.opensuse.security:def:32060 | P | Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP3) (Important) | 2021-04-07
oval:org.opensuse.security:def:26202 | P | Security update for MozillaFirefox (Important) | 2021-03-01
oval:org.opensuse.security:def:26061 | P | Security update for dovecot22 (Important) | 2021-01-04
oval:org.opensuse.security:def:25980 | P | Security update for MozillaFirefox (Critical) | 2020-12-21
oval:org.opensuse.security:def:32003 | P | Security update for python-cryptography (Moderate) | 2020-12-04
oval:org.opensuse.security:def:27190 | P | libicu-32bit on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25777 | P | Security update for flash-player (Critical) | 2020-12-01
oval:org.opensuse.security:def:32447 | P | Security update for xen (Important) | 2020-12-01
oval:org.opensuse.security:def:26678 | P | coolkey on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31911 | P | Security update for gcc43 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27497 | P | libvirt-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26552 | P | g3utils on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25776 | P | Security update for flash-player (Critical) | 2020-12-01
oval:org.opensuse.security:def:32408 | P | Security update for wget (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26625 | P | pam_ldap on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31779 | P | Security update for MozillaFirefox (Important) | 2020-12-01
oval:org.opensuse.security:def:27462 | P | libmusicbrainz-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26508 | P | Security update for phpMyAdmin (Important) | 2020-12-01
oval:org.opensuse.security:def:32359 | P | Security update for strongswan (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26474 | P | Security update for znc (Moderate) | 2020-12-01
oval:org.opensuse.security:def:33190 | P | libvirt on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26824 | P | sudo on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26494 | P | Security update for pdns-recursor (Important) | 2020-12-01
oval:org.opensuse.security:def:32303 | P | Security update for python (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26390 | P | Security update for ark (Low) | 2020-12-01
oval:org.opensuse.security:def:33151 | P | libgcrypt11 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26780 | P | lvm2 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26455 | P | Security update for chromium (Important) | 2020-12-01
oval:org.opensuse.security:def:26333 | P | Security update for redis (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25852 | P | Security update for flash-playerqemu (Important) | 2020-12-01
oval:org.opensuse.security:def:32513 | P | freetype2 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26766 | P | libsamplerate on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26406 | P | Security update for mbedtls (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26252 | P | Security update for mariadb-100 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27225 | P | libvirt on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25788 | P | Security update for zeromq (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32469 | P | Security update for xorg-x11-server (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26727 | P | kdenetwork4-filesharing on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26353 | P | Security update for tor (Moderate) | 2020-12-01
oval:org.mitre.oval:def:25621 | P | SUSE-SU-2013:1642-1 -- Security update for libvirt | 2014-09-08
oval:org.mitre.oval:def:19044 | P | USN-1954-1 -- libvirt vulnerabilities | 2014-06-30
oval:com.ubuntu.precise:def:20135651000 | V | CVE-2013-5651 on Ubuntu 12.04 LTS (precise) - medium. | 2013-09-30