[Forgot Password]
Login  Register Subscribe

24128

 
 

131615

 
 

111666

 
 

909

 
 

87321

 
 

136

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view XML view JSON

CVE-2015-3209Date: (C)2015-06-15   (M)2018-05-10


Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1032545
BID-75123
DSA-3284
DSA-3285
DSA-3286
FEDORA-2015-10001
FEDORA-2015-9965
FEDORA-2015-9978
GLSA-201510-02
GLSA-201604-03
RHSA-2015:1087
RHSA-2015:1088
RHSA-2015:1089
RHSA-2015:1189
SUSE-SU-2015:1042
SUSE-SU-2015:1045
SUSE-SU-2015:1152
SUSE-SU-2015:1156
SUSE-SU-2015:1157
SUSE-SU-2015:1206
SUSE-SU-2015:1426
SUSE-SU-2015:1519
SUSE-SU-2015:1643
USN-2630-1
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698
http://xenbits.xen.org/xsa/advisory-135.html
https://kb.juniper.net/JSA10783

CPE    2
cpe:/o:xen:xen:4.5.0
cpe:/a:qemu:qemu:-
CWE    1
CWE-119
OVAL    18
oval:org.secpod.oval:def:109222
oval:org.secpod.oval:def:602139
oval:org.secpod.oval:def:109347
oval:org.secpod.oval:def:109402
...

© SecPod Technologies