[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247768

 
 

909

 
 

194555

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2014-0150Date: (C)2014-04-22   (M)2023-12-22


Integer overflow in the virtio_net_handle_mac function in hw/net/virtio-net.c in QEMU 2.0 and earlier allows local guest users to execute arbitrary code via a MAC addresses table update request, which triggers a heap-based buffer overflow.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.9
Exploit Score: 4.4
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: ADJACENT_NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECUNIA-57878
SECUNIA-58191
DSA-2909
DSA-2910
USN-2182-1
http://article.gmane.org/gmane.comp.emulators.qemu/266768
http://thread.gmane.org/gmane.comp.emulators.qemu/266713
https://bugzilla.redhat.com/show_bug.cgi?id=1078846

CPE    93
cpe:/a:qemu:qemu:0.12.5
cpe:/a:qemu:qemu:1.0.1
cpe:/a:qemu:qemu:0.12.2
cpe:/a:qemu:qemu:0.12.1
...
CWE    1
CWE-189
OVAL    37
oval:org.secpod.oval:def:601263
oval:org.secpod.oval:def:601272
oval:org.secpod.oval:def:1500565
oval:org.secpod.oval:def:701958
...

© SecPod Technologies