CVE-2013-2218

libvirt 1.0.6 - Denial of Service via virConnectListAllInterfaces Double Free

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-2218. PoCs published by Daniel P. Berrange.

AI-analyzed exploit summary: This exploit demonstrates a denial-of-service vulnerability in libvirt by triggering a crash via the 'virsh' command with specific arguments. The command causes the application to fail, denying service to legitimate users.

Description

Double free vulnerability in the virConnectListAllInterfaces method in interface/interface_backend_netcf.c in libvirt 1.0.6 allows remote attackers to cause a denial of service (libvirtd crash) via a filtering flag that causes an interface to be skipped, as demonstrated by the "virsh iface-list --inactive" command.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by Daniel P. Berrange · text · dos · linux
https://www.exploit-db.com/exploits/38622

Classification: Working PoC 90%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: libvirt (versions affected by CVE-2013-2218)
Auth required
Prerequisites: Access to a system with libvirt installed · Permissions to execute the 'virsh' command
mistral-large-3 · analyzed Feb 16, 2026

References (4)

Core References
Various Sources x_refsource_confirm
http://libvirt.org/news.html
Patch mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2013/07/01/6

Scores

EPSS 0.0827
EPSS Percentile 94.2%

Details

CWE: CWE-399
Status: published
Products (1): redhat/libvirt 1.0.6
Published: Sep 30, 2013
Tracked Since: Feb 18, 2026