CVE-2013-4535

EPSS 0.38%
Published 11.02.2020 16:15:12
Last modified 21.11.2024 01:55:46
Source secalert@redhat.com
Teams watchlist Login
Open Login

The virtqueue_map_sg function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary files via a crafted savevm image, related to virtio-block or virtio-serial read.

Affected products Warnungen 0 Metrics 3 CWE 1 References 9

Data is provided by the National Vulnerability Database (NVD)

Qemu ≫ Qemu Version < 1.7.2

Redhat ≫ Virtualization Version3.0

Redhat ≫ Enterprise Linux Desktop Version6.0

Redhat ≫ Enterprise Linux Server Version6.0

Redhat ≫ Enterprise Linux Server Tus Version6.5

Redhat ≫ Enterprise Linux Workstation Version6.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.38%	0.565

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2	6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://rhn.redhat.com/errata/RHSA-2014-0743.html

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2014-0744.html

Third Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html

Third Party Advisory

http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html

Third Party Advisory

http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=36cf2a37132c7f01fa9adb5f95f5312b27742fd4

https://bugzilla.redhat.com/show_bug.cgi?id=1066401

Third Party Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2013-4535

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2013-4535

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2013-4535

EUVD