Home > Vulnerability Database > CVE-2013-4371

Mend.io Vulnerability Database

CVE-2013-4371

Date: October 17, 2013

Use-after-free vulnerability in the libxl_list_cpupool function in the libxl toolstack library in Xen 4.2.x and 4.3.x, when running "under memory pressure," returns the original pointer when the realloc function fails, which allows local users to cause a denial of service (heap corruption and crash) and possibly execute arbitrary code via unspecified vectors.

Language: C

Severity Score

7.1

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2013-4371

Url: http://security.gentoo.org/glsa/glsa-201407-03.xml

Url: http://www.openwall.com/lists/oss-security/2013/10/10/12

Url: https://www.mend.io/vulnerability-database/CVE-2013-4371

Severity Score

7.1

Weakness Type (CWE)

Resource Management Errors

CWE-399

CVSS v3.1

Base Score:	7.1
Attack Vector (AV):	ADJACENT_NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	4.4
Access Vector (AV):	LOCAL
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2013-4371

Date: October 17, 2013

Language: C

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?