Unrated severityNVD Advisory· Published Aug 12, 2011· Updated Apr 29, 2026

CVE-2011-1583

Description

Multiple integer overflows in tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allow local users to cause a denial of service and possibly execute arbitrary code via a crafted paravirtualised guest kernel image that triggers (1) a buffer overflow during a decompression loop or (2) an out-of-bounds read in the loader involving unspecified length fields.

Affected products

Citrix Systems/Xen4 versions
cpe:2.3:a:citrix:xen:3.2.0:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:citrix:xen:3.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:citrix:xen:3.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:citrix:xen:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:citrix:xen:4.1.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.xensource.com/archives/html/xen-devel/2011-05/msg00483.htmlnvdPatchVendor Advisory
lists.xensource.com/archives/html/xen-devel/2011-05/msg00491.htmlnvdPatch
rhn.redhat.com/errata/RHSA-2011-0496.htmlnvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000