Page 17 of 119 results (0.014 seconds)

CVSS: 3.5EPSS: 0%CPEs: 8EXPL: 0

QEMU 4.1.0 has a memory leak in zrle_compress_data in ui/vnc-enc-zrle.c during a VNC disconnect operation because libz is misused, resulting in a situation where memory allocated in deflateInit2 is not freed in deflateEnd. QEMU versión 4.1.0, presenta una pérdida de memoria en la función zrle_compress_data en el archivo ui/vnc-enc-zrle.c durante una operación de desconexión de VNC porque libz es usada inapropiadamente, resultando en una situación donde la memoria asignada en deflateInit2 no es liberada en deflateEnd. A memory leakage flaw was found in the way the VNC display driver of QEMU handled the connection disconnect when ZRLE and Tight encoding are enabled. Two VncState objects are created, and one allocates memory for the Zlib's data object. This allocated memory is not freed upon disconnection, resulting in a memory leak. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00007.html http://www.openwall.com/lists/oss-security/2020/03/05/1 https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=6bf21f3d83e95bcc4ba35a7a07cc6655e8b010b0 https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html https://usn.ubuntu.com/4372-1 https://www.debian.org/security/2020/dsa-4665 https://access.redhat.com/security/cve/CVE-2019-20382 https://bugzilla.redhat.com/show_bug.cgi?id=1810390 • CWE-401: Missing Release of Memory after Effective Lifetime CWE-772: Missing Release of Resource after Effective Lifetime •

CVSS: 7.7EPSS: 0%CPEs: 8EXPL: 0

An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_status() routine. A remote user could use this flaw to crash the QEMU process, resulting in a denial of service or potential execution of arbitrary code with privileges of the QEMU process on the host. Se detectó una fallo de acceso al búfer de la pila fuera de límites en la manera en que el controlador de iSCSI Block versiones 2.xx de QEMU hasta 2.12.0 incluyéndola, manejó una respuesta proveniente de un servidor iSCSI mientras se comprobaba el estado de un Logical Address Block (LBA) en una rutina iscsi_co_block_status(). Un usuario remoto podría usar este fallo para bloquear el proceso de QEMU, resultando en una denegación de servicio o posible ejecución de código arbitrario con privilegios del proceso de QEMU en el host. An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_status() routine. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00007.html https://access.redhat.com/errata/RHSA-2020:0669 https://access.redhat.com/errata/RHSA-2020:0730 https://access.redhat.com/errata/RHSA-2020:0731 https://access.redhat.com/errata/RHSA-2020:0773 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1711 https://lists.debian.org/debian-lts-announce/2020/03/msg00017.html https://lists.debian.org/debian-lts-announce/2020/09/msg00013.html https://lists.gnu&# • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

tftp.c in libslirp 4.1.0, as used in QEMU 4.2.0, does not prevent ..\ directory traversal on Windows. El archivo tftp.c en libslirp versión 4.1.0, como es usado en QEMU versión 4.2.0, no impide el salto de directorio ..\ en Windows. • http://www.openwall.com/lists/oss-security/2020/01/17/2 https://gitlab.freedesktop.org/slirp/libslirp/commit/14ec36e107a8c9af7d0a80c3571fe39b291ff1d4 https://security-tracker.debian.org/tracker/CVE-2020-7211 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 6.8EPSS: 0%CPEs: 5EXPL: 0

tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access which can lead to a DoS or potential execute arbitrary code. El archivo tcp_emu en tcp_subr.c en libslirp versión 4.1.0, como es usado en QEMU versión 4.2.0, administra inapropiadamente la memoria, como es demostrado por los comandos IRC DCC en EMU_IRC. Esto puede causar un desbordamiento del búfer en la región heap de la memoria u otro acceso fuera de límites que puede conllevar a una DoS o un código arbitrario de ejecución potencial. A heap buffer overflow issue was found in the SLiRP networking implementation of the QEMU emulator. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00007.html http://www.openwall.com/lists/oss-security/2020/01/16/2 https://access.redhat.com/errata/RHSA-2020:0348 https://access.redhat.com/errata/RHSA-2020:0775 https://gitlab.freedesktop.org/slirp/libslirp/commit/2655fffed7a9e765bcb4701dd876e9dab975f289 https://gitlab.freedesktop.org/slirp/libslirp/commit/82ebe9c370a0e2970fb5695aa19aa5214a6a1c80 https://gitlab.freedesktop.org/slirp/libslirp/commit/ce131029d6d4a405cb7d3ac6716d03e58fb4a5d9 https://lists.debian.org&# • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

An issue was discovered in ide_dma_cb() in hw/ide/core.c in QEMU 2.4.0 through 4.2.0. The guest system can crash the QEMU process in the host system via a special SCSI_IOCTL_SEND_COMMAND. It hits an assertion that implies that the size of successful DMA transfers there must be a multiple of 512 (the size of a sector). NOTE: a member of the QEMU security team disputes the significance of this issue because a "privileged guest user has many ways to cause similar DoS effect, without triggering this assert. ** EN DISPUTA ** Se descubrió un problema en la función ide_dma_cb() en el archivo hw/ide/core.c en QEMU versiones 2.4.0 hasta la versión 4.2.0. El sistema invitado puede bloquear el proceso de QEMU en el sistema host por medio de un SCSI_IOCTL_SEND_COMMAND especial. • https://lists.nongnu.org/archive/html/qemu-devel/2019-07/msg01651.html https://lists.nongnu.org/archive/html/qemu-devel/2019-07/msg03869.html https://lists.nongnu.org/archive/html/qemu-devel/2019-11/msg00597.html https://lists.nongnu.org/archive/html/qemu-devel/2019-11/msg02165.html https://www.mail-archive.com/qemu-devel%40nongnu.org/msg667396.html • CWE-754: Improper Check for Unusual or Exceptional Conditions •