CVE-2013-4527 – qemu: hpet: buffer overrun on invalid state load
https://notcve.org/view.php?id=CVE-2013-4527
Buffer overflow in hw/timer/hpet.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via vectors related to the number of timers. Desbordamiento de buffer en hw/timer/hpet.c en QEMU anterior a 1.7.2 podría permitir a atacantes remotos ejecutar código arbitrario a través de vectores relacionados con el número de temporizadores. • http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=3f1c49e2136fa08ab1ef3183fd55def308829584 http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html http://rhn.redhat.com/errata/RHSA-2014-0927.html https://access.redhat.com/security/cve/CVE-2013-4527 https://bugzilla.redhat.com/show_bug.cgi?id=1066347 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2013-4148 – qemu: virtio-net: buffer overflow on invalid state load
https://notcve.org/view.php?id=CVE-2013-4148
Integer signedness error in the virtio_net_load function in hw/net/virtio-net.c in QEMU 1.x before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image, which triggers a buffer overflow. Error de signo de enteros en la función virtio_net_load en hw/net/virtio-net.c en QEMU 1.x anterior a 1.7.2 permite a atacantes remotos ejecutar código arbitrario a través de un imagen savevm manipulado, lo que provoca un desbordamiento de buffer. • http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=71f7fe48e10a8437c9d42d859389f37157f59980 http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html http://rhn.redhat.com/errata/RHSA-2014-0743.html http://rhn.redhat.com/errata/RHSA-2014-0744.html https://access.redhat.com/security/cve/CVE-2013-4148 https://bugzilla.redhat.com/show_bug.cgi?id=1066334 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-189: Numeric Errors •
CVE-2013-6399 – qemu: virtio: buffer overrun on incoming migration
https://notcve.org/view.php?id=CVE-2013-6399
Array index error in the virtio_load function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image. Error del indice del array en la función virtio_load en hw/virtio/virtio.c en QEMU anterior a 1.7.2 permite a atacantes remotos ejecutar código arbitrario a través de un imagen savevm manipulado. • http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=4b53c2c72cb5541cf394033b528a6fe2a86c0ac1 http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html http://rhn.redhat.com/errata/RHSA-2014-0743.html http://rhn.redhat.com/errata/RHSA-2014-0744.html https://access.redhat.com/security/cve/CVE-2013-6399 https://bugzilla.redhat.com/show_bug.cgi?id=1066361 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2013-4541 – qemu: usb: insufficient sanity checking of setup_index+setup_len in post_load
https://notcve.org/view.php?id=CVE-2013-4541
The usb_device_post_load function in hw/usb/bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, related to a negative setup_len or setup_index value. La función usb_device_post_load en hw/usb/bus.c en QEMU anterior a 1.7.2 podría permitir a atacantes remotos ejecutar código arbitrario a través de un imagen savevm manipulado, relacionado con un valor setup_len o setup_index negativo. • http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=9f8e9895c504149d7048e9fc5eb5cbb34b16e49a http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html http://rhn.redhat.com/errata/RHSA-2014-0743.html http://rhn.redhat.com/errata/RHSA-2014-0744.html https://access.redhat.com/security/cve/CVE-2013-4541 https://bugzilla.redhat.com/show_bug.cgi?id=1066384 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2014-0182 – qemu: virtio: out-of-bounds buffer write on state load with invalid config_len
https://notcve.org/view.php?id=CVE-2014-0182
Heap-based buffer overflow in the virtio_load function in hw/virtio/virtio.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted config length in a savevm image. Desbordamiento de buffer basado en memoria dinámica en la función virtio_load en hw/virtio/virtio.c en QEMU anterior a 1.7.2 podría permitir a atacantes remotos ejecutar código arbitrario a través de una longitud de configuración manipulada en un imagen savevm. • http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=a890a2f9137ac3cf5b607649e66a6f3a5512d8dc http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html http://rhn.redhat.com/errata/RHSA-2014-0743.html http://rhn.redhat.com/errata/RHSA-2014-0744.html https://access.redhat.com/security/cve/CVE-2014-0182 https://bugzilla.redhat.com/show_bug.cgi?id=1088986 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •