A part of the returned monitor response was freed twice and caused crashes of the daemon when using guest agent cpu count retrieval.
A remote user able to issue commands to libvirt daemon could use this flaw to crash libvirtd or, potentially, escalate their privilages to that of libvirtd process.
References:
https://bugzilla.redhat.com/show_bug.cgi?id=984821https://www.redhat.com/archives/libvir-list/2013-July/msg01035.html
Acknowledgements:
This issue was discovered by Petr Krempa of Red Hat.
Statement:
Not vulnerable. This issue did not affect the versions of libvirt as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6.