[Forgot Password]
Login  Register Subscribe

24003

 
 

131401

 
 

103942

 
 

909

 
 

84051

 
 

133

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view XML view JSON

CVE-2015-3209Date: (C)2015-06-15   (M)2018-04-14


Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : CVSS Score : 7.5
Exploit Score: Exploit Score: 10.0
Impact Score: Impact Score: 6.4
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: Access Vector: NETWORK
Attack Complexity: Access Complexity: LOW
Privileges Required: Authentication: NONE
User Interaction: Confidentiality: PARTIAL
Scope: Integrity: PARTIAL
Confidentiality: Availability: PARTIAL
Integrity:  
Availability:  
  
Reference:
SECTRACK-1032545
BID-75123
DSA-3284
DSA-3285
DSA-3286
FEDORA-2015-10001
FEDORA-2015-9965
FEDORA-2015-9978
GLSA-201510-02
GLSA-201604-03
RHSA-2015:1087
RHSA-2015:1088
RHSA-2015:1089
RHSA-2015:1189
SUSE-SU-2015:1042
SUSE-SU-2015:1045
SUSE-SU-2015:1152
SUSE-SU-2015:1156
SUSE-SU-2015:1157
SUSE-SU-2015:1206
SUSE-SU-2015:1426
SUSE-SU-2015:1519
SUSE-SU-2015:1643
USN-2630-1
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698
http://xenbits.xen.org/xsa/advisory-135.html
https://kb.juniper.net/JSA10783

CPE    2
cpe:/o:xen:xen:4.5.0
cpe:/a:qemu:qemu:-
CWE    1
CWE-119
OVAL    18
oval:org.secpod.oval:def:602139
oval:org.secpod.oval:def:602138
oval:org.secpod.oval:def:203640
oval:org.secpod.oval:def:203654
...

© 2013 SecPod Technologies