{"id":"DEBIAN-CVE-2012-3445","details":"The virTypedParameterArrayClear function in libvirt 0.9.13 does not properly handle virDomain* API calls with typed parameters, which might allow remote authenticated users to cause a denial of service (libvirtd crash) via an RPC command with nparams set to zero, which triggers an out-of-bounds read or a free of an invalid pointer.","modified":"2026-04-28T20:07:50.979586Z","published":"2012-08-07T21:55:02.187Z","upstream":["CVE-2012-3445"],"references":[{"type":"ADVISORY","url":"https://security-tracker.debian.org/tracker/CVE-2012-3445"}],"affected":[{"package":{"name":"libvirt","ecosystem":"Debian:11","purl":"pkg:deb/debian/libvirt?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.9.12-4"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2012-3445.json"}},{"package":{"name":"libvirt","ecosystem":"Debian:12","purl":"pkg:deb/debian/libvirt?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.9.12-4"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2012-3445.json"}},{"package":{"name":"libvirt","ecosystem":"Debian:13","purl":"pkg:deb/debian/libvirt?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.9.12-4"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2012-3445.json"}},{"package":{"name":"libvirt","ecosystem":"Debian:14","purl":"pkg:deb/debian/libvirt?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.9.12-4"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2012-3445.json"}}],"schema_version":"1.7.5"}