CVE-2013-4399
EPSS 0.71%
Description
The remoteClientFreeFunc function in daemon/remote.c in libvirt before 1.1.3, when ACLs are used, does not set an identity, which causes event handler removal to be denied and remote attackers to cause a denial of service (use-after-free and crash) by registering an event handler and then closing the connection.
How to fix CVE-2013-4399
To remediate CVE-2013-4399, upgrade the affected package to the fixed version listed below.
- Debian/libvirt—upgrade to 1.1.4-1 or later
Is CVE-2013-4399 being exploited?
Low: EPSS is 0.7% (a low estimated probability of exploitation), and exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 1.1.4-1