// For flags

CVE-2015-5279

qemu: Heap overflow vulnerability in ne2000_receive() function

Severity Score

7.2
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Heap-based buffer overflow in the ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via vectors related to receiving packets.

Desbordamiento de buffer basado en memoria dinámica en la función ne2000_receive en hw/net/ne2000.c en QEMU en versiones anteriores a 2.4.0.1, permite a usuarios invitados del SO provocar una denegación de servicio (caída de la instancia) o posiblemente ejecutar código arbitrario a través de vectores relacionados con la recepción de paquetes.

A heap buffer overflow flaw was found in the way QEMU's NE2000 NIC emulation implementation handled certain packets received over the network. A privileged user inside a guest could use this flaw to crash the QEMU instance (denial of service) or potentially execute arbitrary code on the host.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
Attack Vector
Adjacent
Attack Complexity
High
Authentication
Single
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2015-07-01 CVE Reserved
  • 2015-09-21 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
  • CWE-122: Heap-based Buffer Overflow
CAPEC
References (20)
URL Tag Source
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=7aa2bcad0ca837dd6d4bf4fa38a80314b4a6b755 X_refsource_confirm
http://www.openwall.com/lists/oss-security/2015/09/15/3 Mailing List
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html X_refsource_confirm
http://www.securityfocus.com/bid/76746 Vdb Entry
http://www.securitytracker.com/id/1033569 Vdb Entry
https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg03984.html Mailing List
https://www.arista.com/en/support/advisories-notices/security-advisories/1188-security-advisory-14 X_refsource_misc
URL Date SRC
URL Date SRC
URL Date SRC
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169036.html 2023-02-13
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169039.html 2023-02-13
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167369.html 2023-02-13
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00019.html 2023-02-13
http://rhn.redhat.com/errata/RHSA-2015-1896.html 2023-02-13
http://rhn.redhat.com/errata/RHSA-2015-1923.html 2023-02-13
http://rhn.redhat.com/errata/RHSA-2015-1924.html 2023-02-13
http://rhn.redhat.com/errata/RHSA-2015-1925.html 2023-02-13
http://www.debian.org/security/2015/dsa-3361 2023-02-13
http://www.debian.org/security/2015/dsa-3362 2023-02-13
https://security.gentoo.org/glsa/201602-01 2023-02-13
https://access.redhat.com/security/cve/CVE-2015-5279 2015-11-16
https://bugzilla.redhat.com/show_bug.cgi?id=1256672 2015-11-16
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Qemu
Search vendor "Qemu"
 Qemu
Search vendor "Qemu" for product "Qemu"
 <= 2.4.0
Search vendor "Qemu" for product "Qemu" and version " <= 2.4.0"
-
Affected