CVE-2013-0420
Oracle VirtualBox <4.3 Core - Local Integrity and Availability Impact
Title source: manualDescription
Unspecified vulnerability in the VirtualBox component in Oracle Virtualization 4.0, 4.1, and 4.2 allows local users to affect integrity and availability via unknown vectors related to Core. NOTE: The previous information was obtained from the January 2013 Oracle CPU. Oracle has not commented on claims from another vendor that this issue is related to an incorrect comparison in the vga_draw_text function in Devices/Graphics/DevVGA.cpp, which can cause VirtualBox to "draw more lines than necessary."
References (6)
Core 6
Core References
Vendor Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2013-02/msg00000.html
Vendor Advisory x_refsource_confirm
http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html
Exploit, Patch x_refsource_misc
https://www.virtualbox.org/changeset/44055/vbox
Patch x_refsource_confirm
https://bugzilla.novell.com/show_bug.cgi?id=798776
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15763
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
Scores
EPSS
0.0040
EPSS Percentile
32.8%
Details
Status
published
Products (8)
opensuse/opensuse
12.1
opensuse/opensuse
12.2
oracle/virtualization
4.0
oracle/virtualization
4.1
oracle/virtualization
4.2
oracle/vm_virtualbox
4.0
oracle/vm_virtualbox
4.1.0
oracle/vm_virtualbox
4.2.0
Published
Jan 17, 2013
Tracked Since
Feb 18, 2026