製品・ソフトウェアに関する情報

JVN脆弱性詳細

libguestfs の inspect-fs.c におけるメモリ二重解放の脆弱性

Title	libguestfs の inspect-fs.c におけるメモリ二重解放の脆弱性
Summary	libguestfs の inspect-fs.c には、メモリを二重に解放する不備があるため、サービス運用妨害 (クラッシュ) 状態にされる脆弱性が存在します。補足情報 : CWE による脆弱性タイプは、CWE-415: Double Free (二重解放) と識別されています。 http://cwe.mitre.org/data/definitions/415.html
Possible impacts	第三者により、空の guest ファイルを介して、サービス運用妨害 (クラッシュ) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Jan. 24, 2013, midnight
Registration Date	May 29, 2014, 2:37 p.m.
Last Update	May 29, 2014, 2:37 p.m.

CVSS2.0 : 警告
Score	4.3
Vector	AV:N/AC:M/Au:N/C:N/I:N/A:P

Affected System

Richard W.M. Jones

libguestfs 1.20.7 未満の 1.20.x

libguestfs 1.21.x

libguestfs 1.22.0

libguestfs 1.23.0

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2013-2124	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2124
National Vulnerability Database (NVD)
2	CVE-2013-2124	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2124

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-Other	https://www.ipa.go.jp/security/vuln/CWE.html#CWEOther

ベンダー情報

No	Name	URL
GitHub
1	inspection: Fix double-free when certain guest files are empty.	https://github.com/libguestfs/libguestfs/commit/fa6a76050d82894365dfe32916903ef7fee3ffcd

Change Log

No	Changed Details	Date of change
0	[2014年05月29日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2013-2124

Summary	Double free vulnerability in inspect-fs.c in LibguestFS 1.20.x before 1.20.7, 1.21.x, 1.22.0, and 1.23.0 allows remote attackers to cause a denial of service (crash) via empty guest files.
Publication Date	May 27, 2014, 11:55 p.m.
Registration Date	Jan. 26, 2021, 3:37 p.m.
Last Update	Nov. 21, 2024, 10:51 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:libguestfs:libguestfs:1.21.11:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.21.20:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.21.8:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.21.4:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.20.3:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.21.14:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.21.10:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.21.21:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.21.22:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.23.0:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.21.9:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.21.2:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.21.23:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.21.19:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.21.37:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.21.17:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.21.30:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.21.36:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.20.5:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.21.1:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.21.24:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.21.32:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.20.2:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.21.35:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.21.39:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.21.13:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.21.3:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.21.28:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.21.29:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.21.7:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.21.27:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.21.16:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.21.25:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.21.40:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.21.12:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.20.6:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.20.0:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.21.26:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.21.38:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.21.33:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.20.4:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.21.5:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.21.34:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.21.18:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.22.0:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.21.15:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.20.1:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.21.6:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.21.31:::::::*

Related information, measures and tools

No	URL	タグ
1	http://osvdb.org/93724
2	http://osvdb.org/93724
3	http://seclists.org/oss-sec/2013/q2/431	Patch
4	http://seclists.org/oss-sec/2013/q2/431	Patch
5	http://www.securityfocus.com/bid/60205
6	http://www.securityfocus.com/bid/60205
7	https://exchange.xforce.ibmcloud.com/vulnerabilities/85145
8	https://exchange.xforce.ibmcloud.com/vulnerabilities/85145
9	https://github.com/libguestfs/libguestfs/commit/fa6a76050d82894365dfe32916903ef7fee3ffcd	Exploit Patch
10	https://github.com/libguestfs/libguestfs/commit/fa6a76050d82894365dfe32916903ef7fee3ffcd	Exploit Patch
11	https://www.redhat.com/archives/libguestfs/2013-May/msg00079.html	Patch
12	https://www.redhat.com/archives/libguestfs/2013-May/msg00079.html	Patch
13	https://www.redhat.com/archives/libguestfs/2013-May/msg00080.html	Patch
14	https://www.redhat.com/archives/libguestfs/2013-May/msg00080.html	Patch

Common Vulnerabilities List

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:libguestfs:libguestfs:1.21.11:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.21.20:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.21.8:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.21.4:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.20.3:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.21.14:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.21.10:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.21.21:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.21.22:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.23.0:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.21.9:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.21.2:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.21.23:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.21.19:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.21.37:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.21.17:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.21.30:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.21.36:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.20.5:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.21.1:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.21.24:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.21.32:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.20.2:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.21.35:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.21.39:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.21.13:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.21.3:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.21.28:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.21.29:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.21.7:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.21.27:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.21.16:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.21.25:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.21.40:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.21.12:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.20.6:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.20.0:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.21.26:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.21.38:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.21.33:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.20.4:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.21.5:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.21.34:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.21.18:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.22.0:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.21.15:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.20.1:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.21.6:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.21.31:::::::*