The qemuAgentCommand function in libvirt before 1.1.1, when a guest agent is not configured, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to "agent based cpu (un)plug," as demonstrated by the "virsh vcpucount foobar --guest" command.
2013-09-30T21:55:09.223
2025-04-11T00:51:21.963
Deferred
CVSSv2: 4.3 (MEDIUM)
AV:N/AC:M/Au:N/C:N/I:N/A:P
8.6
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | redhat | libvirt | ≤ 1.1.0 | Yes |
| Application | redhat | libvirt | 1.0.0 | Yes |
| Application | redhat | libvirt | 1.0.1 | Yes |
| Application | redhat | libvirt | 1.0.2 | Yes |
| Application | redhat | libvirt | 1.0.3 | Yes |
| Application | redhat | libvirt | 1.0.4 | Yes |
| Application | redhat | libvirt | 1.0.5 | Yes |
| Application | redhat | libvirt | 1.0.6 | Yes |