{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-05-28T00:00:00", "descriptions": [{"lang": "en", "value": "Double free vulnerability in inspect-fs.c in LibguestFS 1.20.x before 1.20.7, 1.21.x, 1.22.0, and 1.23.0 allows remote attackers to cause a denial of service (crash) via empty guest files."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "[oss-security] 20130529 Re: Re: CVE Request -- libguestfs (1.20.6 | 1.22.0 | 1.23.0 <= X < 1.22.1 | 1.23.1): Denial of service due to a double-free when inspecting certain guest files / images", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://seclists.org/oss-sec/2013/q2/431"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/libguestfs/libguestfs/commit/fa6a76050d82894365dfe32916903ef7fee3ffcd"}, {"name": "libguestfs-cve20132124-inspectfs-dos(85145)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85145"}, {"name": "[Libguestfs] 20130528 ATTN: Denial of service attack possible on libguestfs 1.21.x, libguestfs.1.22.0", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://www.redhat.com/archives/libguestfs/2013-May/msg00079.html"}, {"name": "[Libguestfs] 20130528 Re: ATTN: Denial of service attack possible on libguestfs 1.21.x, libguestfs.1.22.0", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://www.redhat.com/archives/libguestfs/2013-May/msg00080.html"}, {"name": "93724", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/93724"}, {"name": "60205", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/60205"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T15:27:40.656Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20130529 Re: Re: CVE Request -- libguestfs (1.20.6 | 1.22.0 | 1.23.0 <= X < 1.22.1 | 1.23.1): Denial of service due to a double-free when inspecting certain guest files / images", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://seclists.org/oss-sec/2013/q2/431"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/libguestfs/libguestfs/commit/fa6a76050d82894365dfe32916903ef7fee3ffcd"}, {"name": "libguestfs-cve20132124-inspectfs-dos(85145)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85145"}, {"name": "[Libguestfs] 20130528 ATTN: Denial of service attack possible on libguestfs 1.21.x, libguestfs.1.22.0", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://www.redhat.com/archives/libguestfs/2013-May/msg00079.html"}, {"name": "[Libguestfs] 20130528 Re: ATTN: Denial of service attack possible on libguestfs 1.21.x, libguestfs.1.22.0", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://www.redhat.com/archives/libguestfs/2013-May/msg00080.html"}, {"name": "93724", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/93724"}, {"name": "60205", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/60205"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-2124", "datePublished": "2014-05-27T15:00:00", "dateReserved": "2013-02-19T00:00:00", "dateUpdated": "2024-08-06T15:27:40.656Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libguestfs:libguestfs:1.20.0:*:*:*:*:*:*:*", "matchCriteriaId": "662D8743-9FBE-4048-8511-6C9AF4193706", "vulnerable": true}, {"criteria": "cpe:2.3:a:libguestfs:libguestfs:1.20.1:*:*:*:*:*:*:*", "matchCriteriaId": "6CEAA548-615C-4B5B-9E2C-7E65620EEFE6", "vulnerable": true}, {"criteria": "cpe:2.3:a:libguestfs:libguestfs:1.20.2:*:*:*:*:*:*:*", "matchCriteriaId": "9825024C-F3AD-4B76-8B43-B6F78DB0B3EE", "vulnerable": true}, {"criteria": "cpe:2.3:a:libguestfs:libguestfs:1.20.3:*:*:*:*:*:*:*", "matchCriteriaId": "A6A1FC10-0A20-4EA6-94D5-34629D059E03", "vulnerable": true}, {"criteria": "cpe:2.3:a:libguestfs:libguestfs:1.20.4:*:*:*:*:*:*:*", "matchCriteriaId": "B688FBA6-1892-4EDC-A049-E90867EC4EEE", "vulnerable": true}, {"criteria": "cpe:2.3:a:libguestfs:libguestfs:1.20.5:*:*:*:*:*:*:*", "matchCriteriaId": "ACA9267E-D50E-4AE9-873C-C07797E4B8D9", "vulnerable": true}, {"criteria": "cpe:2.3:a:libguestfs:libguestfs:1.20.6:*:*:*:*:*:*:*", "matchCriteriaId": "02DF3922-A28E-4CFA-9907-2FAED0D72029", "vulnerable": true}, {"criteria": "cpe:2.3:a:libguestfs:libguestfs:1.21.1:*:*:*:*:*:*:*", "matchCriteriaId": "A13F7320-1B55-4814-A098-940D21A462F3", "vulnerable": true}, {"criteria": "cpe:2.3:a:libguestfs:libguestfs:1.21.2:*:*:*:*:*:*:*", "matchCriteriaId": "D27A0A05-6482-4B3F-A4A4-B1E0F82885DC", "vulnerable": true}, {"criteria": "cpe:2.3:a:libguestfs:libguestfs:1.21.3:*:*:*:*:*:*:*", "matchCriteriaId": "0D91BEF4-301D-4A74-8C43-697B23B2E8B0", "vulnerable": true}, {"criteria": "cpe:2.3:a:libguestfs:libguestfs:1.21.4:*:*:*:*:*:*:*", "matchCriteriaId": "4A76C10D-BD16-443D-9A7D-8938AAC6552C", "vulnerable": true}, {"criteria": "cpe:2.3:a:libguestfs:libguestfs:1.21.5:*:*:*:*:*:*:*", "matchCriteriaId": "8A12C8F3-C5B2-43ED-B729-FD51DE870952", "vulnerable": true}, {"criteria": "cpe:2.3:a:libguestfs:libguestfs:1.21.6:*:*:*:*:*:*:*", "matchCriteriaId": "4A57EF2D-E4C8-46A7-8889-349091EDE1B9", "vulnerable": true}, {"criteria": "cpe:2.3:a:libguestfs:libguestfs:1.21.7:*:*:*:*:*:*:*", "matchCriteriaId": "DE39222C-BEAA-428D-A165-44DB34F79F9E", "vulnerable": true}, {"criteria": "cpe:2.3:a:libguestfs:libguestfs:1.21.8:*:*:*:*:*:*:*", "matchCriteriaId": "09A64839-3B75-404C-A48F-3D5784627303", "vulnerable": true}, {"criteria": "cpe:2.3:a:libguestfs:libguestfs:1.21.9:*:*:*:*:*:*:*", "matchCriteriaId": "8B126466-0774-43AD-9A16-74B3681AFEF2", "vulnerable": true}, {"criteria": "cpe:2.3:a:libguestfs:libguestfs:1.21.10:*:*:*:*:*:*:*", "matchCriteriaId": "B5315942-D14F-4D2A-BDA5-B4885C090784", "vulnerable": true}, {"criteria": "cpe:2.3:a:libguestfs:libguestfs:1.21.11:*:*:*:*:*:*:*", "matchCriteriaId": "5F7DCCBA-7340-49BC-8123-3539AA1B9BAC", "vulnerable": true}, {"criteria": "cpe:2.3:a:libguestfs:libguestfs:1.21.12:*:*:*:*:*:*:*", "matchCriteriaId": "672D8506-6DC4-4E40-8843-FCB22212EBC5", "vulnerable": true}, {"criteria": "cpe:2.3:a:libguestfs:libguestfs:1.21.13:*:*:*:*:*:*:*", "matchCriteriaId": "013A015E-AE93-44AE-991E-034DF06AE079", "vulnerable": true}, {"criteria": "cpe:2.3:a:libguestfs:libguestfs:1.21.14:*:*:*:*:*:*:*", "matchCriteriaId": "AEA156D2-8AB4-477F-A75E-6BAB37361955", "vulnerable": true}, {"criteria": "cpe:2.3:a:libguestfs:libguestfs:1.21.15:*:*:*:*:*:*:*", "matchCriteriaId": "C9147F40-98D4-44B3-8FF5-DAB43BC23759", "vulnerable": true}, {"criteria": "cpe:2.3:a:libguestfs:libguestfs:1.21.16:*:*:*:*:*:*:*", "matchCriteriaId": "F71EDD82-6320-4A68-9107-0436887BD86B", "vulnerable": true}, {"criteria": "cpe:2.3:a:libguestfs:libguestfs:1.21.17:*:*:*:*:*:*:*", "matchCriteriaId": "5E37E1CF-3969-483C-B68F-8A42E65DB050", "vulnerable": true}, {"criteria": "cpe:2.3:a:libguestfs:libguestfs:1.21.18:*:*:*:*:*:*:*", "matchCriteriaId": "51693632-CFAB-466C-B0A0-49257871BA0A", "vulnerable": true}, {"criteria": "cpe:2.3:a:libguestfs:libguestfs:1.21.19:*:*:*:*:*:*:*", "matchCriteriaId": "0EA5DE95-07D8-4DB2-91CE-C7DE34E0D603", "vulnerable": true}, {"criteria": "cpe:2.3:a:libguestfs:libguestfs:1.21.20:*:*:*:*:*:*:*", "matchCriteriaId": "3E39349B-5656-4989-96E2-EF0351C582E3", "vulnerable": true}, {"criteria": "cpe:2.3:a:libguestfs:libguestfs:1.21.21:*:*:*:*:*:*:*", "matchCriteriaId": "8B72D9E7-A1D4-4273-A7F1-FECB74D3AFE4", "vulnerable": true}, {"criteria": "cpe:2.3:a:libguestfs:libguestfs:1.21.22:*:*:*:*:*:*:*", "matchCriteriaId": "2B23A55A-9E76-4ED6-8327-2F6362813C8C", "vulnerable": true}, {"criteria": "cpe:2.3:a:libguestfs:libguestfs:1.21.23:*:*:*:*:*:*:*", "matchCriteriaId": "9C4AD1A3-962B-4575-A8A6-BAADB193D352", "vulnerable": true}, {"criteria": "cpe:2.3:a:libguestfs:libguestfs:1.21.24:*:*:*:*:*:*:*", "matchCriteriaId": "9B1F3731-012A-4323-9000-153105F4B5C0", "vulnerable": true}, {"criteria": "cpe:2.3:a:libguestfs:libguestfs:1.21.25:*:*:*:*:*:*:*", "matchCriteriaId": "F71207B8-E4BD-403D-8C0E-01E57179A3F5", "vulnerable": true}, {"criteria": "cpe:2.3:a:libguestfs:libguestfs:1.21.26:*:*:*:*:*:*:*", "matchCriteriaId": "16F95FE6-A5A2-4F96-8AAE-A478E0C5E2B2", "vulnerable": true}, {"criteria": "cpe:2.3:a:libguestfs:libguestfs:1.21.27:*:*:*:*:*:*:*", "matchCriteriaId": "96C11574-11A3-408F-B84F-AC9D6C3A7D37", "vulnerable": true}, {"criteria": "cpe:2.3:a:libguestfs:libguestfs:1.21.28:*:*:*:*:*:*:*", "matchCriteriaId": "01AFC167-0E2E-4EA7-B7E6-DFBB947EEE28", "vulnerable": true}, {"criteria": "cpe:2.3:a:libguestfs:libguestfs:1.21.29:*:*:*:*:*:*:*", "matchCriteriaId": "44D1FD90-C5CD-454E-A233-D979E118F20B", "vulnerable": true}, {"criteria": "cpe:2.3:a:libguestfs:libguestfs:1.21.30:*:*:*:*:*:*:*", "matchCriteriaId": "39F723F4-5261-4BEE-BDD7-5E8B86E220EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:libguestfs:libguestfs:1.21.31:*:*:*:*:*:*:*", "matchCriteriaId": "0EFFBA88-0803-4FA1-B94E-98EA4542071E", "vulnerable": true}, {"criteria": "cpe:2.3:a:libguestfs:libguestfs:1.21.32:*:*:*:*:*:*:*", "matchCriteriaId": "34208517-5E4C-42BA-9D85-76DC55FD10BE", "vulnerable": true}, {"criteria": "cpe:2.3:a:libguestfs:libguestfs:1.21.33:*:*:*:*:*:*:*", "matchCriteriaId": "E7E9392B-178B-41DF-B7EA-146DF22301B3", "vulnerable": true}, {"criteria": "cpe:2.3:a:libguestfs:libguestfs:1.21.34:*:*:*:*:*:*:*", "matchCriteriaId": "AF4E45B3-14CF-44D4-B64B-4C07B726ADC4", "vulnerable": true}, {"criteria": "cpe:2.3:a:libguestfs:libguestfs:1.21.35:*:*:*:*:*:*:*", "matchCriteriaId": "7E354617-F38F-4982-B418-FB3F6DD7E215", "vulnerable": true}, {"criteria": "cpe:2.3:a:libguestfs:libguestfs:1.21.36:*:*:*:*:*:*:*", "matchCriteriaId": "FCC2A523-707B-4F0A-8ACD-2951C6C269BF", "vulnerable": true}, {"criteria": "cpe:2.3:a:libguestfs:libguestfs:1.21.37:*:*:*:*:*:*:*", "matchCriteriaId": "62216E2C-7A84-4F4D-92CC-EC32EECE7B82", "vulnerable": true}, {"criteria": "cpe:2.3:a:libguestfs:libguestfs:1.21.38:*:*:*:*:*:*:*", "matchCriteriaId": "B523AB06-16E6-4F6C-B96A-F705550AACC4", "vulnerable": true}, {"criteria": "cpe:2.3:a:libguestfs:libguestfs:1.21.39:*:*:*:*:*:*:*", "matchCriteriaId": "F7198CD5-595C-4DB2-AC26-218DF2005CBB", "vulnerable": true}, {"criteria": "cpe:2.3:a:libguestfs:libguestfs:1.21.40:*:*:*:*:*:*:*", "matchCriteriaId": "B8080CA6-AE70-43A7-8F76-0B316DD876A1", "vulnerable": true}, {"criteria": "cpe:2.3:a:libguestfs:libguestfs:1.22.0:*:*:*:*:*:*:*", "matchCriteriaId": "D05D11AF-F047-4072-892F-A93C702A94EA", "vulnerable": true}, {"criteria": "cpe:2.3:a:libguestfs:libguestfs:1.23.0:*:*:*:*:*:*:*", "matchCriteriaId": "E484129B-92AD-4A85-845F-4944BDBCF87A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Double free vulnerability in inspect-fs.c in LibguestFS 1.20.x before 1.20.7, 1.21.x, 1.22.0, and 1.23.0 allows remote attackers to cause a denial of service (crash) via empty guest files."}, {"lang": "es", "value": "Vulnerabilidad de doble liberaci\u00f3n en inspect-fs.c en LibguestFS 1.20.x anterior a 1.20.7, 1.21.x, 1.22.0 y 1.23.0 permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de archivos de invitados vac\u00edos."}], "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/415.html\n\n\"CWE-415: Double Free\"", "id": "CVE-2013-2124", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-05-27T14:55:06.870", "references": [{"source": "secalert@redhat.com", "url": "http://osvdb.org/93724"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://seclists.org/oss-sec/2013/q2/431"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/60205"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85145"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Patch"], "url": "https://github.com/libguestfs/libguestfs/commit/fa6a76050d82894365dfe32916903ef7fee3ffcd"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "https://www.redhat.com/archives/libguestfs/2013-May/msg00079.html"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "https://www.redhat.com/archives/libguestfs/2013-May/msg00080.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/93724"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://seclists.org/oss-sec/2013/q2/431"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/60205"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85145"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch"], "url": "https://github.com/libguestfs/libguestfs/commit/fa6a76050d82894365dfe32916903ef7fee3ffcd"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://www.redhat.com/archives/libguestfs/2013-May/msg00079.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://www.redhat.com/archives/libguestfs/2013-May/msg00080.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "libguestfs: DoS (abort) due to a double free flaw when inspecting certain guest files / images", "id": "968306", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=968306"}, "csaw": false, "cvss": {"cvss_base_score": "4.3", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "status": "draft"}, "details": ["Double free vulnerability in inspect-fs.c in LibguestFS 1.20.x before 1.20.7, 1.21.x, 1.22.0, and 1.23.0 allows remote attackers to cause a denial of service (crash) via empty guest files."], "name": "CVE-2013-2124", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "libguestfs", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2013-05-28T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2013-2124\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-2124"], "statement": "Not vulnerable. This issue did not affect the version of libguestfs as shipped with Red Hat Enterprise Linux 6 as it did not include the upstream commit 5a3da366268825b26b470cde35658b67c1d11cd4 that introduced this issue.", "threat_severity": "Moderate"}

{}