VDB
CVE-2009-0036
CVE-2009-0036
PUBLISHED
CVSS 4.400000095367432 MEDIUM
Buffer overflow in the proxyReadClientSocket function in proxy/libvirt_proxy.c in libvirt_proxy 0.5.1 might allow local users to gain privileges by sending a portion of the header of a virProxyPacket packet, and then sending the remainder of the packet with crafted values in the header, related to use of uninitialized memory in a validation check.
EPSS 0.27% · 50.4th percentile
Risk Scores
CVSS 2.0
4.400000095367432
EPSS Score
0.27%
50.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| libvirt | libvirt | 0.5.1 |
| n/a | n/a | n/a |
Exploit Intelligence
- CIRCL confirmed: CVE-2009-0036 (circl-sighting)
- RHSA-2009:0382 (circl)
- oval:org.mitre.oval:def:10127 (circl)
- 33724 (circl)
- https://bugzilla.redhat.com/show_bug.cgi?id=484947 (circl)
- http://git.et.redhat.com/?p=libvirt.git%3Ba=commitdiff%3Bh=2bb0657e28 (circl)
- [oss-security] 20090210 libvirt_proxy heads up (circl)
- 34397 (circl)
- https://www.redhat.com/archives/libvir-list/2009-January/msg00728.html (vulncheck-nvd)
- https://www.redhat.com/archives/libvir-list/2009-January/msg00699.html (vulncheck-nvd)
…and 3 more exploits
Timeline
- Feb 11, 2009 CVE Published
- Apr 26, 2009 PoC Published
- Apr 27, 2009 PoC Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 3, 2023 EPSS Score
- Feb 9, 2023 EPSS Score
- Feb 13, 2023 EPSS Score
References
- oval:org.mitre.oval:def:10127 vdb
- [libvir-list] 20090128 Re: [libvirt] [PATCH] proxy: Fix use of uninitalized memory mailing-list
- [libvir-list] 20090128 Re: [libvirt] [PATCH] proxy: Fix use of uninitalized memory mailing-list
- 33724 vdb
- [libvir-list] 20090127 [libvirt] [PATCH] proxy: Fix use of uninitalized memory mailing-list
- https://bugzilla.redhat.com/show_bug.cgi?id=484947 url
- RHSA-2009:0382 vendor-advisory
- http://git.et.redhat.com/?p=libvirt.git%3Ba=commitdiff%3Bh=2bb0657e28 url
- [oss-security] 20090210 libvirt_proxy heads up mailing-list
- 34397 third-party-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2009-0036 advisory
- http://git.et.redhat.com/?p=libvirt.git;a=commitdiff;h=2bb0657e28 url