DEBIAN-CVE-2013-4401

DEBIAN-CVE-2013-4401 PUBLISHED

The virConnectDomainXMLToNative API function in libvirt 1.1.0 through 1.1.3 checks for the connect:read permission instead of the connect:write permission, which allows attackers to gain domain:write privileges and execute Qemu binaries via crafted XML. NOTE: some of these details are obtained from third party information.

Affected Products

Vendor	Product	Versions
Debian:11	libvirt	0, 0, 0
Debian:13	libvirt	0, 0, 0
Debian:14	libvirt	0, 0, 0
Debian:12	libvirt	0, 0, 0

Timeline

Nov 2, 2013 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2013-4401 advisory

Open in Interactive Console →