CVE-2014-1447

libvirt < 1.2.1 - Denial of Service via Keepalive Response Race Condition

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-1447. PoCs published by tagatac.

AI-analyzed exploit summary This repository contains a proof-of-concept exploit for CVE-2014-1447, a race condition vulnerability in libvirt. The exploit involves injecting NOP instructions post-synchronization to trigger the vulnerability, with scripts to automate testing and measure exploit effectiveness.

Description

Race condition in the virNetServerClientStartKeepAlive function in libvirt before 1.2.1 allows remote attackers to cause a denial of service (libvirtd crash) by closing a connection before a keepalive response is sent.

Exploits (1)

nomisec WORKING POC

by tagatac · poc

https://github.com/tagatac/libvirt-CVE-2014-1447

View Code ZIP pw:eip

This repository contains a proof-of-concept exploit for CVE-2014-1447, a race condition vulnerability in libvirt. The exploit involves injecting NOP instructions post-synchronization to trigger the vulnerability, with scripts to automate testing and measure exploit effectiveness.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Moderate

Reliability

Racy

Target: libvirt (versions affected by CVE-2014-1447)

No auth needed

Prerequisites: Access to a system running vulnerable libvirt · Ability to execute scripts and compile code

MITRE ATT&CK