CVSS: 7.5EPSS: 7%CPEs: 92EXPL: 0CVE-2013-4542 – qemu: virtio-scsi: buffer overrun on invalid state load
https://notcve.org/view.php?id=CVE-2013-4542
The virtio_scsi_load_request function in hw/scsi/scsi-bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, which triggers an out-of-bounds array access. La función virtio_scsi_load_request en hw/scsi/scsi-bus.c en QEMU anterior a 1.7.2 podría permitir a atacantes remotos ejecutar código arbitrario a través de un imagen savevm manipulado, lo que provoca un acceso al array fuera de rango. • http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=3c3ce981423e0d6c18af82ee62f1850c2cda5976 http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html http://rhn.redhat.com/errata/RHSA-2014-0743.html http://rhn.redhat.com/errata/RHSA-2014-0744.html https://access.redhat.com/security/cve/CVE-2013-4542 https://bugzilla.redhat.com/show_bug.cgi?id=1066382 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 5%CPEs: 27EXPL: 0CVE-2013-4148 – qemu: virtio-net: buffer overflow on invalid state load
https://notcve.org/view.php?id=CVE-2013-4148
Integer signedness error in the virtio_net_load function in hw/net/virtio-net.c in QEMU 1.x before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image, which triggers a buffer overflow. Error de signo de enteros en la función virtio_net_load en hw/net/virtio-net.c en QEMU 1.x anterior a 1.7.2 permite a atacantes remotos ejecutar código arbitrario a través de un imagen savevm manipulado, lo que provoca un desbordamiento de buffer. • http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=71f7fe48e10a8437c9d42d859389f37157f59980 http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html http://rhn.redhat.com/errata/RHSA-2014-0743.html http://rhn.redhat.com/errata/RHSA-2014-0744.html https://access.redhat.com/security/cve/CVE-2013-4148 https://bugzilla.redhat.com/show_bug.cgi?id=1066334 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-189: Numeric Errors •
CVSS: 7.5EPSS: 6%CPEs: 92EXPL: 0CVE-2013-6399 – qemu: virtio: buffer overrun on incoming migration
https://notcve.org/view.php?id=CVE-2013-6399
Array index error in the virtio_load function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image. Error del indice del array en la función virtio_load en hw/virtio/virtio.c en QEMU anterior a 1.7.2 permite a atacantes remotos ejecutar código arbitrario a través de un imagen savevm manipulado. • http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=4b53c2c72cb5541cf394033b528a6fe2a86c0ac1 http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html http://rhn.redhat.com/errata/RHSA-2014-0743.html http://rhn.redhat.com/errata/RHSA-2014-0744.html https://access.redhat.com/security/cve/CVE-2013-6399 https://bugzilla.redhat.com/show_bug.cgi?id=1066361 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2013-4536 – qemu: virtio: insufficient validation of num_sg when mapping
https://notcve.org/view.php?id=CVE-2013-4536
An user able to alter the savevm data (either on the disk or over the wire during migration) could use this flaw to to corrupt QEMU process memory on the (destination) host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process. Un usuario capaz de alterar los datos de savevm (ya sea en el disco o por cable durante la migración) podría usar este fallo para corromper la memoria del proceso de QEMU en el host (de destino), lo que potencialmente podría resultar en una ejecución de código arbitraria en el host con los privilegios del proceso QEMU • https://bugzilla.redhat.com/show_bug.cgi?id=1066401 https://security.netapp.com/advisory/ntap-20210727-0002 https://access.redhat.com/security/cve/CVE-2013-4536 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-269: Improper Privilege Management •
CVSS: 7.5EPSS: 7%CPEs: 92EXPL: 0CVE-2013-4541 – qemu: usb: insufficient sanity checking of setup_index+setup_len in post_load
https://notcve.org/view.php?id=CVE-2013-4541
The usb_device_post_load function in hw/usb/bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, related to a negative setup_len or setup_index value. La función usb_device_post_load en hw/usb/bus.c en QEMU anterior a 1.7.2 podría permitir a atacantes remotos ejecutar código arbitrario a través de un imagen savevm manipulado, relacionado con un valor setup_len o setup_index negativo. • http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=9f8e9895c504149d7048e9fc5eb5cbb34b16e49a http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html http://rhn.redhat.com/errata/RHSA-2014-0743.html http://rhn.redhat.com/errata/RHSA-2014-0744.html https://access.redhat.com/security/cve/CVE-2013-4541 https://bugzilla.redhat.com/show_bug.cgi?id=1066384 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •