What is CVE-2012-0217?

CVE-2012-0217 is a vulnerability in Citrix Xenserver, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2012-06-12.

Is CVE-2012-0217 known to be exploited?

34 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Buffer overflow in Citrix Xenserver

CVE-2012-0217

The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD b…

Vulnerability class: Buffer Overflow

EPSS: 0.880 (99.5th percentile) — read the EPSS interpretation.

Affected products

Citrix Xenserver — versions 6.0
Freebsd
Illumos
Joyent Smartos
Microsoft Windows_7
Microsoft Windows_server_2003
Microsoft Windows_server_2008 — versions r2
Microsoft Windows_xp
Netbsd
Sun Sunos

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

Public proof-of-concept exploits

References

55082 (x_refsource_SECUNIA, third-party-advisory)
TA12-164A (US Government Resource, x_refsource_CERT, third-party-advisory)
security@debian.org (x_refsource_CONFIRM)
MS12-042 (x_refsource_MS, vendor-advisory)
28718 (exploit, x_refsource_EXPLOIT-DB)
security@debian.org (x_refsource_CONFIRM)
NetBSD-SA2012-003 (vendor-advisory, x_refsource_NETBSD)
GLSA-201309-24 (vendor-advisory, x_refsource_GENTOO)
oval:org.mitre.oval:def:15596 (x_refsource_OVAL, signature, vdb-entry)
DSA-2501 (vendor-advisory, x_refsource_DEBIAN)

Frequently asked questions

What is CVE-2012-0217?: CVE-2012-0217 is a vulnerability in Citrix Xenserver, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2012-06-12.
Is CVE-2012-0217 known to be exploited?: 34 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.