CVE-2015-5279
qemu: Heap overflow vulnerability in ne2000_receive() function
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Heap-based buffer overflow in the ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via vectors related to receiving packets.
Desbordamiento de buffer basado en memoria dinámica en la función ne2000_receive en hw/net/ne2000.c en QEMU en versiones anteriores a 2.4.0.1, permite a usuarios invitados del SO provocar una denegación de servicio (caída de la instancia) o posiblemente ejecutar código arbitrario a través de vectores relacionados con la recepción de paquetes.
A heap buffer overflow flaw was found in the way QEMU's NE2000 NIC emulation implementation handled certain packets received over the network. A privileged user inside a guest could use this flaw to crash the QEMU instance (denial of service) or potentially execute arbitrary code on the host.
Lian Yihan discovered that QEMU incorrectly handled certain payload messages in the VNC display driver. A malicious guest could use this issue to cause the QEMU process to hang, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Qinghao Tang discovered that QEMU incorrectly handled receiving certain packets in the NE2000 network driver. A malicious guest could use this issue to cause the QEMU process to hang, resulting in a denial of service. Various other issues were also addressed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2015-07-01 CVE Reserved
- 2015-09-21 CVE Published
- 2024-08-06 CVE Updated
- 2025-04-03 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE-122: Heap-based Buffer Overflow
CAPEC
References (20)
| URL | Tag | Source |
|---|---|---|
| http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=7aa2bcad0ca837dd6d4bf4fa38a80314b4a6b755 | X_refsource_confirm | |
| http://www.openwall.com/lists/oss-security/2015/09/15/3 | Mailing List |
|
| http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html | X_refsource_confirm |
|
| http://www.securityfocus.com/bid/76746 | Vdb Entry | |
| http://www.securitytracker.com/id/1033569 | Vdb Entry | |
| https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg03984.html | Mailing List | |
| https://www.arista.com/en/support/advisories-notices/security-advisories/1188-security-advisory-14 | X_refsource_misc |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|