5.5

CVE-2015-8744

QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue. It occurs when a guest sends a Layer-2 packet smaller than 22 bytes. A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the QEMU process instance resulting in DoS.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
QemuQemu Version <= 2.4.1
DebianDebian Linux Version8.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.4% 0.311
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 2.1 3.9 2.9
AV:L/AC:L/Au:N/C:N/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://security.gentoo.org/glsa/201602-01
Third Party Advisory
http://www.debian.org/security/2016/dsa-3471
Third Party Advisory
http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=a7278b36fcab9af469563bd7b
http://www.openwall.com/lists/oss-security/2016/01/04/3
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2016/01/04/6
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/79821
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1034576
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1270871
Third Party Advisory
Issue Tracking