ID CVE-2011-2511
Summary Integer overflow in libvirt before 0.9.3 allows remote authenticated users to cause a denial of service (libvirtd crash) and possibly execute arbitrary code via a crafted VirDomainGetVcpus RPC call that triggers memory corruption.
References
Vulnerable Configurations
  • cpe:2.3:a:redhat:libvirt:0.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.8.6:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.8.6:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.4.5:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.7.5:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.7.5:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.7.2:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.1.7:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.1.7:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.7.4:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.7.4:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.1.8:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.1.8:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.1.9:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.1.9:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.8.5:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.8.5:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.8.7:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.8.7:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.7.7:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.7.7:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.6.4:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.6.4:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.1.6:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.9.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.6.5:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.6.5:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.8.2:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.8.1:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.8.3:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.8.3:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.8.8:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.8.8:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.6.3:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.6.3:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.7.6:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.7.6:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.7.3:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.7.3:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.8.4:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.8.4:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:-:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:-:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.1.5:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.1.10:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.1.10:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.1.11:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.1.11:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.4.6:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.4.6:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.8.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.9.1:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:0.9.2:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:libvirt:0.9.2:*:*:*:*:*:*:*
CVSS
Base: 4.0 (as of 13-02-2023 - 04:31)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:S/C:N/I:N/A:P
redhat via4
advisories
  • bugzilla
    id 717199
    title CVE-2011-2511 libvirt: integer overflow in VirDomainGetVcpus
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 5 is installed
        oval oval:com.redhat.rhba:tst:20070331005
      • OR
        • AND
          • comment libvirt is earlier than 0:0.8.2-22.el5
            oval oval:com.redhat.rhsa:tst:20111019001
          • comment libvirt is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20090382002
        • AND
          • comment libvirt-devel is earlier than 0:0.8.2-22.el5
            oval oval:com.redhat.rhsa:tst:20111019003
          • comment libvirt-devel is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20090382004
        • AND
          • comment libvirt-python is earlier than 0:0.8.2-22.el5
            oval oval:com.redhat.rhsa:tst:20111019005
          • comment libvirt-python is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20090382006
    rhsa
    id RHSA-2011:1019
    released 2011-07-21
    severity Moderate
    title RHSA-2011:1019: libvirt security, bug fix, and enhancement update (Moderate)
  • bugzilla
    id 728546
    title [libvirt] [logs] null dereference while preparing libvirt logs
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 6 is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • comment libvirt is earlier than 0:0.8.7-18.el6_1.1
            oval oval:com.redhat.rhsa:tst:20111197001
          • comment libvirt is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20131581002
        • AND
          • comment libvirt-client is earlier than 0:0.8.7-18.el6_1.1
            oval oval:com.redhat.rhsa:tst:20111197003
          • comment libvirt-client is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20131581004
        • AND
          • comment libvirt-devel is earlier than 0:0.8.7-18.el6_1.1
            oval oval:com.redhat.rhsa:tst:20111197005
          • comment libvirt-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20131581006
        • AND
          • comment libvirt-python is earlier than 0:0.8.7-18.el6_1.1
            oval oval:com.redhat.rhsa:tst:20111197007
          • comment libvirt-python is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20131581010
    rhsa
    id RHSA-2011:1197
    released 2011-08-23
    severity Moderate
    title RHSA-2011:1197: libvirt security and bug fix update (Moderate)
rpms
  • libvirt-0:0.8.2-22.el5
  • libvirt-debuginfo-0:0.8.2-22.el5
  • libvirt-devel-0:0.8.2-22.el5
  • libvirt-python-0:0.8.2-22.el5
  • libvirt-0:0.8.7-18.el6_1.1
  • libvirt-client-0:0.8.7-18.el6_1.1
  • libvirt-debuginfo-0:0.8.7-18.el6_1.1
  • libvirt-devel-0:0.8.7-18.el6_1.1
  • libvirt-python-0:0.8.7-18.el6_1.1
refmap via4
confirm http://libvirt.org/news.html
debian DSA-2280
fedora
  • FEDORA-2011-9062
  • FEDORA-2011-9091
mlist
  • [libvirt] 20110624 [PATCH 2/2] remote: protect against integer overflow
  • [oss-security] 20110628 CVE request: libvirt: integer overflow in VirDomainGetVcpus
sectrack 1025822
secunia
  • 45375
  • 45441
  • 45446
suse SUSE-SU-2011:0837
ubuntu USN-1180-1
xf libvirt-virdomaingetvcpus-bo(68271)
Last major update 13-02-2023 - 04:31
Published 10-08-2011 - 20:55
Last modified 13-02-2023 - 04:31
Back to Top