|Date: (C)2015-09-29 (M)2017-07-11|
|CVSS Score: 7.2||Access Vector: LOCAL|
|Exploitability Subscore: 3.9||Access Complexity: LOW|
|Impact Subscore: 10.0||Authentication: NONE|
| ||Confidentiality: COMPLETE|
| ||Integrity: COMPLETE|
| ||Availability: COMPLETE|
Heap-based buffer overflow in the ne2000_receive function in hw/net/ne2000.c in QEMU before 22.214.171.124 allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via vectors related to receiving packets.