8.8

CVE-2015-7504

Heap-based buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU allows guest OS administrators to cause a denial of service (instance crash) or possibly execute arbitrary code via a series of packets in loopback mode.

Data is provided by the National Vulnerability Database (NVD)
QemuQemu Version <= 2.4.1
QemuQemu Version2.5.0 Updaterc0
QemuQemu Version2.5.0 Updaterc1
QemuQemu Version2.5.0 Updaterc2
XenXen
DebianDebian Linux Version7.0
DebianDebian Linux Version8.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.61% 0.687
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 8.8 2 6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
nvd@nist.gov 4.6 3.9 6.4
AV:L/AC:L/Au:N/C:P/I:P/A:P
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://security.gentoo.org/glsa/201604-03
Patch
Third Party Advisory
VDB Entry
https://security.gentoo.org/glsa/201602-01
Patch
Third Party Advisory
VDB Entry
http://www.openwall.com/lists/oss-security/2015/11/30/2
Patch
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/78227
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1034268
Third Party Advisory
VDB Entry
http://xenbits.xen.org/xsa/advisory-162.html
Patch
Vendor Advisory
Mitigation