CVE-2011-1583

Currently unrated

Key Information:

Vendor: Citrix
Status: Xen
Vendor: CVE Published:; 12 August 2011

Summary

Multiple integer overflows in tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allow local users to cause a denial of service and possibly execute arbitrary code via a crafted paravirtualised guest kernel image that triggers (1) a buffer overflow during a decompression loop or (2) an out-of-bounds read in the loader involving unspecified length fields.

References

http://lists.xensource.com/archives/html/xen-devel/2011-0...

mailing-listx_refsource_MLIST

http://rhn.redhat.com/errata/RHSA-2011-0496.html

vendor-advisoryx_refsource_REDHAT

http://lists.xensource.com/archives/html/xen-devel/2011-0...

mailing-listx_refsource_MLIST

Timeline

Vulnerability published
Aug 12, 2011
Vulnerability Reserved
Apr 5, 2011

Collectors

NVD DatabaseMitre Database