7.5

CVE-2013-4149

Buffer overflow in virtio_net_load function in net/virtio-net.c in QEMU 1.3.0 through 1.7.x before 1.7.2 might allow remote attackers to execute arbitrary code via a large MAC table.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
QemuQemu Version1.3.0
QemuQemu Version1.3.0 Updaterc0
QemuQemu Version1.3.0 Updaterc1
QemuQemu Version1.3.0 Updaterc2
QemuQemu Version1.3.1
QemuQemu Version1.4.1
QemuQemu Version1.4.2
QemuQemu Version1.5.0
QemuQemu Version1.5.0 Updaterc1
QemuQemu Version1.5.0 Updaterc2
QemuQemu Version1.5.0 Updaterc3
QemuQemu Version1.5.1
QemuQemu Version1.5.2
QemuQemu Version1.5.3
QemuQemu Version1.6.0
QemuQemu Version1.6.0 Updaterc1
QemuQemu Version1.6.0 Updaterc2
QemuQemu Version1.6.0 Updaterc3
QemuQemu Version1.6.1
QemuQemu Version1.6.2
QemuQemu Version1.7.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 5.26% 0.915
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html
http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html
Patch
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=98f93ddd84800f207889491e0b5d851386b459cf
http://rhn.redhat.com/errata/RHSA-2014-0927.html
Patch
Vendor Advisory