CVE-2013-4149
qemu: virtio-net: out-of-bounds buffer write on load
Severity Score
9.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Buffer overflow in virtio_net_load function in net/virtio-net.c in QEMU 1.3.0 through 1.7.x before 1.7.2 might allow remote attackers to execute arbitrary code via a large MAC table.
Desbordamiento de buffer en la función virtio_net_load en net/virtio-net.c en QEMU 1.3.0 hasta 1.7.x anterior a 1.7.2 podría permitir a atacantes remotos ejecutar código arbitrario a través de una tabla MAC grande.
Sibiao Luo discovered that QEMU incorrectly handled device hot-unplugging. A local user could possibly use this flaw to cause a denial of service. Michael S. Tsirkin discovered that QEMU incorrectly handled vmxnet3 devices. A local guest could possibly use this issue to cause a denial of service, or possibly execute arbitrary code on the host. Multiple integer overflow, input validation, logic error, and buffer overflow flaws were discovered in various QEMU block drivers. An attacker able to modify a disk image file loaded by a guest could use these flaws to crash the guest, or corrupt QEMU process memory on the host, potentially resulting in arbitrary code execution on the host with the privileges of the QEMU process. Various other issues have also been addressed.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2013-06-12 CVE Reserved
- 2014-07-23 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE-787: Out-of-bounds Write
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=98f93ddd84800f207889491e0b5d851386b459cf | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html | 2023-02-13 | |
| http://rhn.redhat.com/errata/RHSA-2014-0927.html | 2023-02-13 |
| URL | Date | SRC |
|---|---|---|
| http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html | 2023-02-13 | |
| https://access.redhat.com/security/cve/CVE-2013-4149 | 2014-09-22 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1066337 | 2014-09-22 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | 1.3.0 Search vendor "Qemu" for product "Qemu" and version "1.3.0" | - |
Affected
| ||||||
| Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | 1.3.0 Search vendor "Qemu" for product "Qemu" and version "1.3.0" | rc0 |
Affected
| ||||||
| Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | 1.3.0 Search vendor "Qemu" for product "Qemu" and version "1.3.0" | rc1 |
Affected
| ||||||
| Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | 1.3.0 Search vendor "Qemu" for product "Qemu" and version "1.3.0" | rc2 |
Affected
| ||||||
| Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | 1.3.1 Search vendor "Qemu" for product "Qemu" and version "1.3.1" | - |
Affected
| ||||||
| Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | 1.4.1 Search vendor "Qemu" for product "Qemu" and version "1.4.1" | - |
Affected
| ||||||
| Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | 1.4.2 Search vendor "Qemu" for product "Qemu" and version "1.4.2" | - |
Affected
| ||||||
| Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | 1.5.0 Search vendor "Qemu" for product "Qemu" and version "1.5.0" | - |
Affected
| ||||||
| Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | 1.5.0 Search vendor "Qemu" for product "Qemu" and version "1.5.0" | rc1 |
Affected
| ||||||
| Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | 1.5.0 Search vendor "Qemu" for product "Qemu" and version "1.5.0" | rc2 |
Affected
| ||||||
| Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | 1.5.0 Search vendor "Qemu" for product "Qemu" and version "1.5.0" | rc3 |
Affected
| ||||||
| Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | 1.5.1 Search vendor "Qemu" for product "Qemu" and version "1.5.1" | - |
Affected
| ||||||
| Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | 1.5.2 Search vendor "Qemu" for product "Qemu" and version "1.5.2" | - |
Affected
| ||||||
| Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | 1.5.3 Search vendor "Qemu" for product "Qemu" and version "1.5.3" | - |
Affected
| ||||||
| Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | 1.6.0 Search vendor "Qemu" for product "Qemu" and version "1.6.0" | - |
Affected
| ||||||
| Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | 1.6.0 Search vendor "Qemu" for product "Qemu" and version "1.6.0" | rc1 |
Affected
| ||||||
| Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | 1.6.0 Search vendor "Qemu" for product "Qemu" and version "1.6.0" | rc2 |
Affected
| ||||||
| Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | 1.6.0 Search vendor "Qemu" for product "Qemu" and version "1.6.0" | rc3 |
Affected
| ||||||
| Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | 1.6.1 Search vendor "Qemu" for product "Qemu" and version "1.6.1" | - |
Affected
| ||||||
| Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | 1.6.2 Search vendor "Qemu" for product "Qemu" and version "1.6.2" | - |
Affected
| ||||||
| Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | 1.7.1 Search vendor "Qemu" for product "Qemu" and version "1.7.1" | - |
Affected
| ||||||