9.9

CVE-2016-9603

A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
QemuQemu Version < 2.9.0
CitrixXenserver Version6.0.2
CitrixXenserver Version6.2.0 Updatesp1
CitrixXenserver Version6.5 Updatesp1
CitrixXenserver Version7.0
CitrixXenserver Version7.1
RedhatOpenstack Version5.0
RedhatOpenstack Version6.0
RedhatOpenstack Version7.0
RedhatOpenstack Version8
RedhatOpenstack Version9
RedhatOpenstack Version10
DebianDebian Linux Version7.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.45% 0.902
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.9 3.1 6
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
nvd@nist.gov 9 8 10
AV:N/AC:L/Au:S/C:C/I:C/A:C
secalert@redhat.com 5.5 1.3 3.7
CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

CWE-122 Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
https://lists.debian.org/debian-lts-announce/2018/02/msg00005.html
Third Party Advisory
https://security.gentoo.org/glsa/201706-03
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:0980
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:0981
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:0982
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:0983
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:0984
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:0988
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1205
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1206
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1441
Third Party Advisory
http://www.securityfocus.com/bid/96893
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1038023
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2017:0985
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:0987
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9603
Third Party Advisory
Issue Tracking
https://support.citrix.com/article/CTX221578
Third Party Advisory