CVE-2013-2124
medium
CVSS v3: -
CVSS v4: -
VIR risk: 4.3
Description
Double free vulnerability in inspect-fs.c in LibguestFS 1.20.x before 1.20.7, 1.21.x, 1.22.0, and 1.23.0 allows remote attackers to cause a denial of service (crash) via empty guest files.
Predictions
Exploit likelihood: 20%
Patch ETA: -
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| debian | bookworm | fixed | 1:1.20.8-1 |
| debian | bullseye | fixed | 1:1.20.8-1 |
| debian | forky | fixed | 1:1.20.8-1 |
| debian | sid | fixed | 1:1.20.8-1 |
| debian | trixie | fixed | 1:1.20.8-1 |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| libguestfs | libguestfs | 1.20.0 | |
| libguestfs | libguestfs | 1.20.1 | |
| libguestfs | libguestfs | 1.20.2 | |
| libguestfs | libguestfs | 1.20.3 | |
| libguestfs | libguestfs | 1.20.4 | |
| libguestfs | libguestfs | 1.20.5 | |
| libguestfs | libguestfs | 1.20.6 | |
| libguestfs | libguestfs | 1.21.1 | |
| libguestfs | libguestfs | 1.21.2 | |
| libguestfs | libguestfs | 1.21.3 | |
| libguestfs | libguestfs | 1.21.4 | |
| libguestfs | libguestfs | 1.21.5 | |
| libguestfs | libguestfs | 1.21.6 | |
| libguestfs | libguestfs | 1.21.7 | |
| libguestfs | libguestfs | 1.21.8 | |
| libguestfs | libguestfs | 1.21.9 | |
| libguestfs | libguestfs | 1.21.10 | |
| libguestfs | libguestfs | 1.21.11 | |
| libguestfs | libguestfs | 1.21.12 | |
| libguestfs | libguestfs | 1.21.13 | |
| libguestfs | libguestfs | 1.21.14 | |
| libguestfs | libguestfs | 1.21.15 | |
| libguestfs | libguestfs | 1.21.16 | |
| libguestfs | libguestfs | 1.21.17 | |
| libguestfs | libguestfs | 1.21.18 | |
| libguestfs | libguestfs | 1.21.19 | |
| libguestfs | libguestfs | 1.21.20 | |
| libguestfs | libguestfs | 1.21.21 | |
| libguestfs | libguestfs | 1.21.22 | |
| libguestfs | libguestfs | 1.21.23 | |
| libguestfs | libguestfs | 1.21.24 | |
| libguestfs | libguestfs | 1.21.25 | |
| libguestfs | libguestfs | 1.21.26 | |
| libguestfs | libguestfs | 1.21.27 | |
| libguestfs | libguestfs | 1.21.28 | |
| libguestfs | libguestfs | 1.21.29 | |
| libguestfs | libguestfs | 1.21.30 | |
| libguestfs | libguestfs | 1.21.31 | |
| libguestfs | libguestfs | 1.21.32 | |
| libguestfs | libguestfs | 1.21.33 | |
| libguestfs | libguestfs | 1.21.34 | |
| libguestfs | libguestfs | 1.21.35 | |
| libguestfs | libguestfs | 1.21.36 | |
| libguestfs | libguestfs | 1.21.37 | |
| libguestfs | libguestfs | 1.21.38 | |
| libguestfs | libguestfs | 1.21.39 | |
| libguestfs | libguestfs | 1.21.40 | |
| libguestfs | libguestfs | 1.22.0 | |
| libguestfs | libguestfs | 1.23.0 | |
References
- http://osvdb.org/93724
- http://seclists.org/oss-sec/2013/q2/431
- http://www.securityfocus.com/bid/60205
- https://exchange.xforce.ibmcloud.com/vulnerabilities/85145
- https://github.com/libguestfs/libguestfs/commit/fa6a76050d82894365dfe32916903ef7fee3ffcd
- https://www.redhat.com/archives/libguestfs/2013-May/msg00079.html
- https://www.redhat.com/archives/libguestfs/2013-May/msg00080.html
- https://security-tracker.debian.org/tracker/CVE-2013-2124