CVE-2013-4149
qemu: virtio-net: out-of-bounds buffer write on load
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Buffer overflow in virtio_net_load function in net/virtio-net.c in QEMU 1.3.0 through 1.7.x before 1.7.2 might allow remote attackers to execute arbitrary code via a large MAC table.
Desbordamiento de buffer en la función virtio_net_load en net/virtio-net.c en QEMU 1.3.0 hasta 1.7.x anterior a 1.7.2 podría permitir a atacantes remotos ejecutar código arbitrario a través de una tabla MAC grande.
Sibiao Luo discovered that QEMU incorrectly handled device hot-unplugging. A local user could possibly use this flaw to cause a denial of service. Michael S. Tsirkin discovered that QEMU incorrectly handled vmxnet3 devices. A local guest could possibly use this issue to cause a denial of service, or possibly execute arbitrary code on the host. Multiple integer overflow, input validation, logic error, and buffer overflow flaws were discovered in various QEMU block drivers. An attacker able to modify a disk image file loaded by a guest could use these flaws to crash the guest, or corrupt QEMU process memory on the host, potentially resulting in arbitrary code execution on the host with the privileges of the QEMU process. Various other issues have also been addressed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2013-06-12 CVE Reserved
- 2014-07-23 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE-787: Out-of-bounds Write
CAPEC
References (6)
URL | Tag | Source |
---|---|---|
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=98f93ddd84800f207889491e0b5d851386b459cf | X_refsource_confirm |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html | 2023-02-13 | |
http://rhn.redhat.com/errata/RHSA-2014-0927.html | 2023-02-13 |
URL | Date | SRC |
---|---|---|
http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html | 2023-02-13 | |
https://access.redhat.com/security/cve/CVE-2013-4149 | 2014-09-22 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1066337 | 2014-09-22 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | 1.3.0 Search vendor "Qemu" for product "Qemu" and version "1.3.0" | - |
Affected
| ||||||
Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | 1.3.0 Search vendor "Qemu" for product "Qemu" and version "1.3.0" | rc0 |
Affected
| ||||||
Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | 1.3.0 Search vendor "Qemu" for product "Qemu" and version "1.3.0" | rc1 |
Affected
| ||||||
Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | 1.3.0 Search vendor "Qemu" for product "Qemu" and version "1.3.0" | rc2 |
Affected
| ||||||
Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | 1.3.1 Search vendor "Qemu" for product "Qemu" and version "1.3.1" | - |
Affected
| ||||||
Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | 1.4.1 Search vendor "Qemu" for product "Qemu" and version "1.4.1" | - |
Affected
| ||||||
Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | 1.4.2 Search vendor "Qemu" for product "Qemu" and version "1.4.2" | - |
Affected
| ||||||
Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | 1.5.0 Search vendor "Qemu" for product "Qemu" and version "1.5.0" | - |
Affected
| ||||||
Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | 1.5.0 Search vendor "Qemu" for product "Qemu" and version "1.5.0" | rc1 |
Affected
| ||||||
Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | 1.5.0 Search vendor "Qemu" for product "Qemu" and version "1.5.0" | rc2 |
Affected
| ||||||
Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | 1.5.0 Search vendor "Qemu" for product "Qemu" and version "1.5.0" | rc3 |
Affected
| ||||||
Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | 1.5.1 Search vendor "Qemu" for product "Qemu" and version "1.5.1" | - |
Affected
| ||||||
Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | 1.5.2 Search vendor "Qemu" for product "Qemu" and version "1.5.2" | - |
Affected
| ||||||
Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | 1.5.3 Search vendor "Qemu" for product "Qemu" and version "1.5.3" | - |
Affected
| ||||||
Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | 1.6.0 Search vendor "Qemu" for product "Qemu" and version "1.6.0" | - |
Affected
| ||||||
Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | 1.6.0 Search vendor "Qemu" for product "Qemu" and version "1.6.0" | rc1 |
Affected
| ||||||
Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | 1.6.0 Search vendor "Qemu" for product "Qemu" and version "1.6.0" | rc2 |
Affected
| ||||||
Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | 1.6.0 Search vendor "Qemu" for product "Qemu" and version "1.6.0" | rc3 |
Affected
| ||||||
Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | 1.6.1 Search vendor "Qemu" for product "Qemu" and version "1.6.1" | - |
Affected
| ||||||
Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | 1.6.2 Search vendor "Qemu" for product "Qemu" and version "1.6.2" | - |
Affected
| ||||||
Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | 1.7.1 Search vendor "Qemu" for product "Qemu" and version "1.7.1" | - |
Affected
|