CVE-2012-4423
CVE-2012-4423 is a medium-severity vulnerability in Redhat Libvirt with a CVSS 2.0 base score of 5.0. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.
Key facts
- Severity: Medium (CVSS 2.0 base score 5.0)
- EPSS exploit prediction: 4% (88th percentile)
- Actively exploited: Not listed in CISA KEV
- Affected product: Redhat Libvirt
- Published:
- Last modified:
Description
The virNetServerProgramDispatchCall function in libvirt before 0.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and segmentation fault) via an RPC call with (1) an event as the RPC number or (2) an RPC number whose value is in a "gap" in the RPC dispatch table.
Frequently asked questions
- What is CVE-2012-4423?
- The virNetServerProgramDispatchCall function in libvirt before 0.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and segmentation fault) via an RPC call with (1) an event as the RPC number or (2) an RPC number whose value is in a "gap" in the RPC dispatch table.
- How severe is CVE-2012-4423?
- CVE-2012-4423 has a CVSS 2.0 base score of 5.0, rated medium severity.
- Is CVE-2012-4423 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 4% (88th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2012-4423?
- CVE-2012-4423 primarily affects Redhat Libvirt. In total, 71 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2012-4423?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2012-4423 published?
- CVE-2012-4423 was published on 2012-11-19 and last updated on 2026-06-16.
References
- http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=b7ff9e696063189a715802d081d55a398663c15a
- http://libvirt.org/git/?p=libvirt.git%3Ba=commitdiff%3Bh=f8fbeb50d52520a109d71c8566fed2ea600650ec
- http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089976.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090121.html
- http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00001.html
- http://rhn.redhat.com/errata/RHSA-2012-1359.html
- http://www.openwall.com/lists/oss-security/2012/09/13/14
- http://www.securityfocus.com/bid/55541
- http://www.securitytracker.com/id?1027649
- http://www.ubuntu.com/usn/USN-1708-1
- https://bugzilla.redhat.com/show_bug.cgi?id=857133
- https://www.redhat.com/archives/libvir-list/2012-September/msg00843.html
Affected products (71)
- cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.1.8:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.1.9:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.6.5:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.7.0:*:*:*:*:*:*:*
More vulnerabilities in Redhat Libvirt
- CVE-2016-5008 — Critical (CVSS 9.8): libvirt before 2.0.0 improperly disables password checking when the password on a VNC server is set to an empty string,…
- CVE-2020-14339 — High (CVSS 8.8): A flaw was found in libvirt, where it leaked a file descriptor for `/dev/mapper/control` into the QEMU process. This…
- CVE-2019-10132 — High (CVSS 8.8): A vulnerability was found in libvirt >= 4.1.0 in the virtlockd-admin.socket and virtlogd-admin.socket systemd units. A…
- CVE-2013-4401 — High (CVSS 8.5): The virConnectDomainXMLToNative API function in libvirt 1.1.0 through 1.1.3 checks for the connect:read permission…
- CVE-2017-1000256 — High (CVSS 8.1): libvirt version 2.3.0 and later is vulnerable to a bad default configuration of "verify-peer=no" passed to QEMU by…
- CVE-2019-10168 — High (CVSS 7.8): The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x…