Unrated severityNVD Advisory· Published Feb 8, 2013· Updated Apr 29, 2026

CVE-2013-0170

Description

Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering certain errors during an RPC connection, which causes a message to be freed without being removed from the message queue.

Affected products

Red Hat/Libvirt
cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*
Range: >=0.9.6,<0.9.6.4
OpenSUSE/openSUSE2 versions
cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*
SUSE S.A./Linux Enterprise Desktop
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*
SUSE S.A./Linux Enterprise Server
cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:-:*:*
SUSE S.A./Linux Enterprise Software Development Kit
cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp2:*:*:*:*:*:*
Fedoraproject/Fedora3 versions
cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:17:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Desktop
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Eus
cpe:2.3:o:redhat:enterprise_linux_eus:6.3:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Server
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Workstation
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
Canonical (company)/Ubuntu Linux2 versions
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*+ 1 more
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

bugzilla.redhat.com/show_bug.cginvdIssue TrackingPatchThird Party Advisory
libvirt.org/news.htmlnvdRelease NotesVendor Advisory
lists.fedoraproject.org/pipermail/package-announce/2013-February/098326.htmlnvdThird Party Advisory
lists.fedoraproject.org/pipermail/package-announce/2013-February/098370.htmlnvdThird Party Advisory
lists.fedoraproject.org/pipermail/package-announce/2013-February/098398.htmlnvdThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2013-02/msg00001.htmlnvdMailing ListThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2013-02/msg00002.htmlnvdMailing ListThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2013-02/msg00016.htmlnvdMailing ListThird Party Advisory
rhn.redhat.com/errata/RHSA-2013-0199.htmlnvdThird Party Advisory
secunia.com/advisories/52001nvdThird Party Advisory
secunia.com/advisories/52003nvdThird Party Advisory
wiki.libvirt.org/page/Maintenance_ReleasesnvdRelease NotesVendor Advisory
www.securityfocus.com/bid/57578nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1028047nvdThird Party AdvisoryVDB Entry
www.ubuntu.com/usn/USN-1708-1nvdThird Party Advisory
exchange.xforce.ibmcloud.com/vulnerabilities/81552nvdThird Party AdvisoryVDB Entry
osvdb.org/89644nvdBroken Link
libvirt.org/git/nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.016
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000