CVE-2013-0170

Name: CVE-2013-0170
Creator: NVD / NIST
Published: 2013-02-08T20:55:01.297+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 5.77%

Last modified Jun 16, 2026

CVE-2013-0170 is a vulnerability of currently unknown severity. Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering certain errors during an RPC connection, which causes a message to be freed without being removed from the message queue.. EPSS estimates a 5.77% chance of exploitation in the next 30 days.

Description

Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering certain errors during an RPC connection, which causes a message to be freed without being removed from the message queue.

Metrics

EPSS Probability

5.77%

92.1th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-416

Affected Software

Vendor	Product	Versions	Update
Redhat	Libvirt	>= 0.9.6, < 0.9.6.4	—
Redhat	Libvirt	>= 0.9.11, < 0.9.11.9	—
Redhat	Libvirt	>= 0.10.2, < 0.10.2.3	—
Redhat	Libvirt	>= 1.0.0, < 1.0.2	—
Opensuse	Opensuse	12.1	—
Opensuse	Opensuse	12.2	—
Suse	Linux Enterprise Desktop	11	Sp2
Suse	Linux Enterprise Server	11	Sp2
Suse	Linux Enterprise Software Development Kit	11	Sp2
Fedoraproject	Fedora	16	—
Fedoraproject	Fedora	17	—
Fedoraproject	Fedora	18	—
Redhat	Enterprise Linux Desktop	6.0	—
Redhat	Enterprise Linux Eus	6.3	—
Redhat	Enterprise Linux Server	6.0	—
Redhat	Enterprise Linux Workstation	6.0	—
Canonical	Ubuntu Linux	12.04	—
Canonical	Ubuntu Linux	12.10	—

References

http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=46532e3e8ed5f5a736a02f67d6c805492f9ca720
http://libvirt.org/news.htmlRelease Notes, Vendor Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098326.htmlThird Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098370.htmlThird Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098398.htmlThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00001.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00002.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00016.htmlMailing List, Third Party Advisory
http://osvdb.org/89644Broken Link
http://rhn.redhat.com/errata/RHSA-2013-0199.htmlThird Party Advisory
http://secunia.com/advisories/52001Third Party Advisory
http://secunia.com/advisories/52003Third Party Advisory
http://wiki.libvirt.org/page/Maintenance_ReleasesRelease Notes, Vendor Advisory
http://www.securityfocus.com/bid/57578Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1028047Third Party Advisory, VDB Entry
http://www.ubuntu.com/usn/USN-1708-1Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=893450Issue Tracking, Patch, Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/81552Third Party Advisory, VDB Entry
http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=46532e3e8ed5f5a736a02f67d6c805492f9ca720
http://libvirt.org/news.htmlRelease Notes, Vendor Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098326.htmlThird Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098370.htmlThird Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098398.htmlThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00001.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00002.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00016.htmlMailing List, Third Party Advisory
http://osvdb.org/89644Broken Link
http://rhn.redhat.com/errata/RHSA-2013-0199.htmlThird Party Advisory
http://secunia.com/advisories/52001Third Party Advisory
http://secunia.com/advisories/52003Third Party Advisory
http://wiki.libvirt.org/page/Maintenance_ReleasesRelease Notes, Vendor Advisory
http://www.securityfocus.com/bid/57578Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1028047Third Party Advisory, VDB Entry
http://www.ubuntu.com/usn/USN-1708-1Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=893450Issue Tracking, Patch, Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/81552Third Party Advisory, VDB Entry

Timeline

Published: Feb 8, 2013
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2013-0170?

How severe is CVE-2013-0170?

Severity scoring for CVE-2013-0170 is pending analysis. The EPSS model estimates a 5.77% probability of exploitation in the next 30 days.

How do I fix CVE-2013-0170?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2013-0170?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST