Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2014-0148

Опубликовано: 29 сент. 2022
Источник: nvd
CVSS3: 5.5
EPSS Низкий

Описание

Qemu before 2.0 block driver for Hyper-V VHDX Images is vulnerable to infinite loops and other potential issues when calculating BAT entries, due to missing bounds checks for block_size and logical_sector_size variables. These are used to derive other fields like 'sectors_per_block' etc. A user able to alter the Qemu disk image could ise this flaw to crash the Qemu instance resulting in DoS.

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*
Версия до 2.0.0 (исключая)
Конфигурация 2

Одно из

cpe:2.3:a:redhat:virtualization:3.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:6.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_openstack_platform:5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

EPSS

Процентиль: 19%
0.00061
Низкий

5.5 Medium

CVSS3

Дефекты

CWE-835

Связанные уязвимости

CVSS3: 5.5
ubuntu
почти 3 года назад

Qemu before 2.0 block driver for Hyper-V VHDX Images is vulnerable to infinite loops and other potential issues when calculating BAT entries, due to missing bounds checks for block_size and logical_sector_size variables. These are used to derive other fields like 'sectors_per_block' etc. A user able to alter the Qemu disk image could ise this flaw to crash the Qemu instance resulting in DoS.

redhat
больше 11 лет назад

Qemu before 2.0 block driver for Hyper-V VHDX Images is vulnerable to infinite loops and other potential issues when calculating BAT entries, due to missing bounds checks for block_size and logical_sector_size variables. These are used to derive other fields like 'sectors_per_block' etc. A user able to alter the Qemu disk image could ise this flaw to crash the Qemu instance resulting in DoS.

CVSS3: 5.5
debian
почти 3 года назад

Qemu before 2.0 block driver for Hyper-V VHDX Images is vulnerable to ...

CVSS3: 5.5
github
почти 3 года назад

Qemu before 2.0 block driver for Hyper-V VHDX Images is vulnerable to infinite loops and other potential issues when calculating BAT entries, due to missing bounds checks for block_size and logical_sector_size variables. These are used to derive other fields like 'sectors_per_block' etc. A user able to alter the Qemu disk image could ise this flaw to crash the Qemu instance resulting in DoS.

oracle-oval
больше 11 лет назад

ELSA-2014-0420: qemu-kvm security update (MODERATE)

EPSS

Процентиль: 19%
0.00061
Низкий

5.5 Medium

CVSS3

Дефекты

CWE-835