CVSS: 9.8EPSS: 0%CPEs: 16EXPL: 0CVE-2018-17963 – QEMU: net: ignore packets with large size
https://notcve.org/view.php?id=CVE-2018-17963
qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact. qemu_deliver_packet_iov en net/net.c en Qemu acepta tamaños de paquetes mayores a INT_MAX, lo que permite que los atacantes provoquen una denegación de servicio (DoS) o tengan otro tipo de impacto sin especificar. A potential integer overflow issue was found in the networking back-end of QEMU. It could occur while receiving packets, because it accepted packets with large size value. Such overflow could lead to OOB buffer access issue. A user inside guest could use this flaw to crash the QEMU process resulting in DoS. • http://www.openwall.com/lists/oss-security/2018/10/08/1 https://access.redhat.com/errata/RHSA-2019:2166 https://access.redhat.com/errata/RHSA-2019:2425 https://access.redhat.com/errata/RHSA-2019:2553 https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03267.html https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg06054.html https://usn.ubuntu.com/3826-1 https://www.debian.org/securi • CWE-121: Stack-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
CVSS: 7.2EPSS: 0%CPEs: 5EXPL: 0CVE-2007-5729
https://notcve.org/view.php?id=CVE-2007-5729
The NE2000 emulator in QEMU 0.8.2 allows local users to execute arbitrary code by writing Ethernet frames with a size larger than the MTU to the EN0_TCNT register, which triggers a heap-based buffer overflow in the slirp library, aka NE2000 "mtu" heap overflow. NOTE: some sources have used CVE-2007-1321 to refer to this issue as part of "NE2000 network driver and the socket code," but this is the correct identifier for the mtu overflow vulnerability. El emulador NE2000 en QEMU 0.8.2 permite a usuarios locales ejecutar código de su elección a través de la escritura de la estructura ethernet con un tamaño mayor que el MTU en el registro EN0_TCNT, lo cual dispara un desbordamiento de búfer basado en pila en la libreria slirp, también conocida como desbordamiento de pila NE2000 "mtu". NOTA: algunas fuentes han utilizado CVE-2007-1321 para referenciar este asunto como una parte de "el controlado de red NE2000 y el código de conexión," pero este es el indentificador correcto para la vulnerabilidad de desbordamiento de mtu. • http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html http://osvdb.org/42986 http://secunia.com/advisories/25073 http://secunia.com/advisories/25095 http://secunia.com/advisories/27486 http://secunia.com/advisories/29129 http://secunia.com/advisories/33568 http://taviso.decsystem.org/virtsec.pdf http://www.attrition.org/pipermail/vim/2007-October/001842.html http://www.debian.org/security/2007/dsa-1284 http://www.mandriva.com/security/advisories?name=MDKSA& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2007-5730 – QEMU Buffer overflow via crafted "net socket listen" option
https://notcve.org/view.php?id=CVE-2007-5730
Heap-based buffer overflow in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to execute arbitrary code via crafted data in the "net socket listen" option, aka QEMU "net socket" heap overflow. NOTE: some sources have used CVE-2007-1321 to refer to this issue as part of "NE2000 network driver and the socket code," but this is the correct identifier for the individual net socket listen vulnerability. Un desbordamiento de búfer en la región heap de la memoria en QEMU versión 0.8.2, como es usado en Xen y posiblemente otros productos, permite a usuarios locales ejecutar código arbitrario por medio de datos diseñados en la opción "net socket listen", también se conoce como desbordamiento de pila "net socket" de QEMU. NOTA: algunas fuentes han usado el CVE-2007-1321 para referirse a este problema como parte de "NE2000 network driver and the socket code”, pero este es el identificador correcto para la vulnerabilidad de escucha de socket de red individual. • http://osvdb.org/42985 http://secunia.com/advisories/25073 http://secunia.com/advisories/25095 http://secunia.com/advisories/27486 http://secunia.com/advisories/29129 http://secunia.com/advisories/29963 http://taviso.decsystem.org/virtsec.pdf http://www.attrition.org/pipermail/vim/2007-October/001842.html http://www.debian.org/security/2007/dsa-1284 http://www.mandriva.com/security/advisories?name=MDKSA-2007:203 http://www.mandriva.com/security/advisories?name=MDVSA-2008:162 • CWE-787: Out-of-bounds Write •
CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0CVE-2007-1321 – xen QEMU NE2000 emulation issues
https://notcve.org/view.php?id=CVE-2007-1321
Integer signedness error in the NE2000 emulator in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to trigger a heap-based buffer overflow via certain register values that bypass sanity checks, aka QEMU NE2000 "receive" integer signedness error. NOTE: this identifier was inadvertently used by some sources to cover multiple issues that were labeled "NE2000 network driver and the socket code," but separate identifiers have been created for the individual vulnerabilities since there are sometimes different fixes; see CVE-2007-5729 and CVE-2007-5730. Un error en la propiedad signedness de enteros en el emulador NE2000 en QEMU versión 0.8.2, tal y como es usado en Xen y posiblemente otros productos, permite a usuarios locales desencadenar un desbordamiento de búfer en la región heap de la memoria por medio de ciertos valores de registro que omiten las comprobaciones de saneamiento, también se conoce como error en la propiedad signedness de enteros "receive" de QEMU NE2000. NOTA: este identificador fue usado inadvertidamente por algunas fuentes para cubrir múltiples problemas que fueron etiquetados como "NE2000 network driver and the socket code”, pero se han creado identificadores separados para las vulnerabilidades individuales ya que existen algunas veces diferentes correcciones; consulte CVE-2007-5729 y CVE-2007-5730. • http://osvdb.org/35495 http://secunia.com/advisories/25073 http://secunia.com/advisories/25095 http://secunia.com/advisories/27047 http://secunia.com/advisories/27072 http://secunia.com/advisories/27103 http://secunia.com/advisories/27486 http://secunia.com/advisories/29129 http://securitytracker.com/id?1018761 http://taviso.decsystem.org/virtsec.pdf http://www.attrition.org/pipermail/vim/2007-October/001842.html http://www.debian.org/security/2007/dsa-1284 http://w •
CVSS: 2.1EPSS: 0%CPEs: 3EXPL: 0CVE-2007-1322
https://notcve.org/view.php?id=CVE-2007-1322
QEMU 0.8.2 allows local users to halt a virtual machine by executing the icebp instruction. QEMU 0.8.2 permite a usuarios locales detener una máquina virtual ejecutando la instrucción icebp. • http://osvdb.org/35496 http://secunia.com/advisories/25073 http://secunia.com/advisories/25095 http://secunia.com/advisories/29129 http://taviso.decsystem.org/virtsec.pdf http://www.debian.org/security/2007/dsa-1284 http://www.mandriva.com/security/advisories?name=MDVSA-2008:162 http://www.securityfocus.com/bid/23731 http://www.vupen.com/english/advisories/2007/1597 https://exchange.xforce.ibmcloud.com/vulnerabilities/34043 •