CVE-2013-4535

EPSS 0.38%
Veröffentlicht 11.02.2020 16:15:12
Zuletzt bearbeitet 21.11.2024 01:55:46
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

The virtqueue_map_sg function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary files via a crafted savevm image, related to virtio-block or virtio-serial read.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Qemu ≫ Qemu Version < 1.7.2

Redhat ≫ Virtualization Version3.0

Redhat ≫ Enterprise Linux Desktop Version6.0

Redhat ≫ Enterprise Linux Server Version6.0

Redhat ≫ Enterprise Linux Server Tus Version6.5

Redhat ≫ Enterprise Linux Workstation Version6.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.38%	0.565

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2	6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://rhn.redhat.com/errata/RHSA-2014-0743.html

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2014-0744.html

Third Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html

Third Party Advisory

http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html

Third Party Advisory

http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=36cf2a37132c7f01fa9adb5f95f5312b27742fd4

https://bugzilla.redhat.com/show_bug.cgi?id=1066401

Third Party Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2013-4535

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2013-4535

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2013-4535

EUVD