Page 50 of 312 results (0.006 seconds)

CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0

Heap-based buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU allows guest OS administrators to cause a denial of service (instance crash) or possibly execute arbitrary code via a series of packets in loopback mode. Desbordamiento de búfer basado en memoria dinámica (heap) en la función pcnet_receive en hw/net/pcnet.c en QEMU permite que administradores del sistema operativo invitados provoquen una denegación de servicio (cierre inesperado de la instancia) o que puedan ejecutar código arbitrario mediante una serie de paquetes en modo de bucle invertido. A heap-based buffer overflow flaw was discovered in the way QEMU's AMD PC-Net II Ethernet Controller emulation received certain packets in loopback mode. A privileged user (with the CAP_SYS_RAWIO capability) inside a guest could use this flaw to crash the host QEMU process (resulting in denial of service) or, potentially, execute arbitrary code with privileges of the host QEMU process. • http://rhn.redhat.com/errata/RHSA-2015-2694.html http://rhn.redhat.com/errata/RHSA-2015-2695.html http://rhn.redhat.com/errata/RHSA-2015-2696.html http://www.debian.org/security/2016/dsa-3469 http://www.debian.org/security/2016/dsa-3470 http://www.debian.org/security/2016/dsa-3471 http://www.openwall.com/lists/oss-security/2015/11/30/2 http://www.securityfocus.com/bid/78227 http://www.securitytracker.com/id/1034268 http://xenbits.xen.org/xsa/advisory • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 9.0EPSS: 4%CPEs: 14EXPL: 0

Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet. Desbordamiento de buffer en la función pcnet_receive en hw/net/pcnet.c en QEMU, cuando un NIC invitado tiene un MTU más grande, permite a atacantes provocar una denegación de servicio (caída de SO invitado) o ejecutar código arbitrario a través de un paquete grande. A buffer overflow flaw was found in the way QEMU's AMD PC-Net II emulation validated certain received packets from a remote host in non-loopback mode. A remote, unprivileged attacker could potentially use this flaw to execute arbitrary code on the host with the privileges of the QEMU process. Note that to exploit this flaw, the guest network interface must have a large MTU limit. • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=8b98a2f07175d46c3f7217639bd5e03f http://rhn.redhat.com/errata/RHSA-2015-2694.html http://rhn.redhat.com/errata/RHSA-2015-2695.html http://rhn.redhat.com/errata/RHSA-2015-2696.html http://www.debian.org/security/2016/dsa-3469 http://www.debian.org/security/2016/dsa-3470 http://www.debian.org/security/2016/dsa-3471 http://www.openwall.com/lists/oss-security/2015/11/30/3 http://www.oracle.com/technetwork/topics/securi • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-122: Heap-based Buffer Overflow •

CVSS: 5.0EPSS: 7%CPEs: 5EXPL: 0

hw/virtio/virtio.c in the Virtual Network Device (virtio-net) support in QEMU, when big or mergeable receive buffers are not supported, allows remote attackers to cause a denial of service (guest network consumption) via a flood of jumbo frames on the (1) tuntap or (2) macvtap interface. hw/virtio/virtio.c en el soporte Virtual Network Device (virtio-net) en QEMU, cuando buffers de recepción de gran tamaño o fusionables no son soportados, permite a atacantes remotos causar una denegación de servicio (consumo de la red de invitado) a través de una inundación de marcos jumbo en la interfaz (1) tuntap o (2) macvtap. • http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169624.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169767.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169802.html http://www.debian.org/security/2016/dsa-3469 http://www.debian.org/security/2016/dsa-3470 http://www.debian.org/security/2016/dsa-3471 http://www.openwall.com/lists/oss-security/2015/09/18/5 http://www.openwall.com/lists/oss-security/2015&#x • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 6.5EPSS: 0%CPEs: 22EXPL: 0

Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attachers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop. Un desbordamiento de enteros en el controlador de pantalla VNC en QEMU versiones anteriores a 2.1.0, permite a atacantes causar una denegación de servicio (bloqueo del proceso) mediante un mensaje CLIENT_CUT_TEXT, que desencadena un bucle infinito. • http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00011.html http://www.openwall.com/lists/oss-security&#x • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0

Heap-based buffer overflow in the ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via vectors related to receiving packets. Desbordamiento de buffer basado en memoria dinámica en la función ne2000_receive en hw/net/ne2000.c en QEMU en versiones anteriores a 2.4.0.1, permite a usuarios invitados del SO provocar una denegación de servicio (caída de la instancia) o posiblemente ejecutar código arbitrario a través de vectores relacionados con la recepción de paquetes. A heap buffer overflow flaw was found in the way QEMU's NE2000 NIC emulation implementation handled certain packets received over the network. A privileged user inside a guest could use this flaw to crash the QEMU instance (denial of service) or potentially execute arbitrary code on the host. • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=7aa2bcad0ca837dd6d4bf4fa38a80314b4a6b755 http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169036.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169039.html http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167369.html http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00019.html http://rhn.redhat.com/errata/RHSA-2015-1896.html http://rhn.redhat.com/errata/RHSA-2015-1923.html ht • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •