6.5

CVE-2015-5745

Exploit
Buffer overflow in the send_control_msg function in hw/char/virtio-serial-bus.c in QEMU before 2.4.0 allows guest users to cause a denial of service (QEMU process crash) via a crafted virtio control message.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
QemuQemu Version < 2.4.0
FedoraprojectFedora Version21
FedoraprojectFedora Version22
FedoraprojectFedora Version23
AristaEos Version4.12
AristaEos Version4.13
AristaEos Version4.14
AristaEos Version4.15
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.01% 0.857
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 4 8 2.9
AV:N/AC:L/Au:S/C:N/I:N/A:P
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.

https://www.arista.com/en/support/advisories-notices/security-advisories/1180-security-advisory-13
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html
Third Party Advisory
Mailing List
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html
Third Party Advisory
Mailing List
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2015/08/06/3
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2015/08/06/5
Third Party Advisory
Exploit
Mailing List
https://github.com/qemu/qemu/commit/7882080388be5088e72c425b02223c02e6cb4295
Patch
Third Party Advisory
https://lists.gnu.org/archive/html/qemu-devel/2015-07/msg05458.html
Patch
Third Party Advisory
Mailing List