Vulnerability Database

289,689

Total vulnerabilities in the database

CVE-2013-4401

The virConnectDomainXMLToNative API function in libvirt 1.1.0 through 1.1.3 checks for the connect:read permission instead of the connect:write permission, which allows attackers to gain domain:write privileges and execute Qemu binaries via crafted XML. NOTE: some of these details are obtained from third party information.

  • Published: Nov 2, 2013
  • Updated: Nov 8, 2023
  • CVE: CVE-2013-4401
  • Severity: High
  • Exploit:

CVSS v2:

  • Severity: High
  • Score: 8.5
  • AV:N/AC:M/Au:S/C:C/I:C/A:C

CWEs:

Software From Fixed in
redhat / libvirt 1.1.2 1.1.2.x
redhat / libvirt 1.1.1 1.1.1.x
redhat / libvirt 1.1.0 1.1.0.x
redhat / libvirt 1.1.3 1.1.3.x