CVE-2009-0036 — Vulnetix

Try Vulnetix Request Demo

CVE-2009-0036 PUBLISHED CVSS 4.400000095367432 MEDIUM

Buffer overflow in the proxyReadClientSocket function in proxy/libvirt_proxy.c in libvirt_proxy 0.5.1 might allow local users to gain privileges by sending a portion of the header of a virProxyPacket packet, and then sending the remainder of the packet with crafted values in the header, related to use of uninitialized memory in a validation check.

EPSS 0.24% · 47.5th percentile

Risk Scores

CVSS v2.0

4.400000095367432

EPSS Score

0.24%

47.5th percentile

Affected Products

Vendor	Product	Versions
libvirt	libvirt	0.5.1
n/a	n/a	n/a

Timeline

Feb 11, 2009 CVE Published
Apr 26, 2009 PoC Published
Apr 27, 2009 PoC Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 19, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 3, 2023 EPSS Score
Feb 4, 2023 EPSS Score
Feb 13, 2023 EPSS Score

References

oval:org.mitre.oval:def:10127 vdb
[libvir-list] 20090128 Re: [libvirt] [PATCH] proxy: Fix use of uninitalized memory mailing-list
[libvir-list] 20090128 Re: [libvirt] [PATCH] proxy: Fix use of uninitalized memory mailing-list
33724 vdb
[libvir-list] 20090127 [libvirt] [PATCH] proxy: Fix use of uninitalized memory mailing-list
https://bugzilla.redhat.com/show_bug.cgi?id=484947 url
RHSA-2009:0382 vendor-advisory
http://git.et.redhat.com/?p=libvirt.git%3Ba=commitdiff%3Bh=2bb0657e28 url
[oss-security] 20090210 libvirt_proxy heads up mailing-list
34397 third-party-advisory
https://nvd.nist.gov/vuln/detail/CVE-2009-0036 advisory
http://git.et.redhat.com/?p=libvirt.git;a=commitdiff;h=2bb0657e28 url

Open in Interactive Console →