CVE-2011-1583
Advisory lineage Upstream: 0 Downstream: 3
Downstream
Modified
Published: 12 Aug 2011, 18:00
Last modified:06 Aug 2024, 22:28
Vulnerability Summary
Overall Risk (default)
medium
28/100 CVSS Score
6.9 MEDIUM
v2.0 (nvd)
EPSS Score
0.52% LOW
1% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
12 Aug 2011, 18:00
Published
Vulnerability first disclosed
06 Aug 2024, 22:28
Last Modified
Vulnerability information updated
Description
Multiple integer overflows in tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allow local users to cause a denial of service and possibly execute arbitrary code via a crafted paravirtualised guest kernel image that triggers (1) a buffer overflow during a decompression loop or (2) an out-of-bounds read in the loader involving unspecified length fields.
CVSS Metrics
- v2.0•MEDIUM•Score: 6.9AV:L/AC:M/Au:N/C:C/I:C/A:C
EPSS Trends
Current EPSS score: 0.52%• Percentile: 67%
Techniques & Countermeasures
- CWE-189•Numeric Errors
Weaknesses in this category are related to improper calculation or conversion of numbers.
Affected Systems
- citrix•xen
3.2.0 | 3.3.0 | 4.0.0 | 4.1.0