8.8

CVE-2015-7504

Heap-based buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU allows guest OS administrators to cause a denial of service (instance crash) or possibly execute arbitrary code via a series of packets in loopback mode.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
QemuQemu Version <= 2.4.1
QemuQemu Version2.5.0 Updaterc0
QemuQemu Version2.5.0 Updaterc1
QemuQemu Version2.5.0 Updaterc2
XenXen
DebianDebian Linux Version7.0
DebianDebian Linux Version8.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.78% 0.733
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2 6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
nvd@nist.gov 4.6 3.9 6.4
AV:L/AC:L/Au:N/C:P/I:P/A:P
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://security.gentoo.org/glsa/201604-03
Patch
Third Party Advisory
VDB Entry
https://security.gentoo.org/glsa/201602-01
Patch
Third Party Advisory
VDB Entry
http://www.openwall.com/lists/oss-security/2015/11/30/2
Patch
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/78227
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1034268
Third Party Advisory
VDB Entry
http://xenbits.xen.org/xsa/advisory-162.html
Patch
Vendor Advisory
Mitigation