CVE-2016-2857

Опубликовано: 12 апр. 2016

Источник: nvd

CVSS3: 8.4

CVSS2: 3.6

EPSS Низкий

Описание

The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet.

Ссылки

http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=362786f14a753d8a5256ef97d7c10ed576d6572b
http://rhn.redhat.com/errata/RHSA-2016-2670.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-2671.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-2704.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-2705.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-2706.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0083.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0309.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0334.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0344.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0350.html
Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/03/03/9
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/03/07/3
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/84130
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/USN-2974-1
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html
Mailing List
Third Party Advisory
http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=362786f14a753d8a5256ef97d7c10ed576d6572b
http://rhn.redhat.com/errata/RHSA-2016-2670.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-2671.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-2704.html
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*

Версия до 2.5.1.1 (включая)

Конфигурация 2

Одно из

cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

Конфигурация 3

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Конфигурация 4

Одновременно

Одно из

cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*

cpe:2.3:a:redhat:virtualization:3.0:*:*:*:*:*:*:*

cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

Конфигурация 5

Одновременно

Одно из

cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*

cpe:2.3:a:redhat:virtualization:3.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*

Конфигурация 6

Одно из

cpe:2.3:a:redhat:openstack:6.0:*:*:*:*:*:*:*

cpe:2.3:a:redhat:openstack:7.0:*:*:*:*:*:*:*

cpe:2.3:a:redhat:openstack:8:*:*:*:*:*:*:*

cpe:2.3:a:redhat:openstack:9:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

EPSS

Процентиль: 18%

0.00058

Низкий

8.4 High

CVSS3

3.6 Low

CVSS2

Дефекты

CWE-119

Связанные уязвимости

CVE-2016-2857

CVSS3: 8.4

ubuntu

больше 9 лет назад

The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet.

CVE-2016-2857

CVSS3: 4.7

redhat

больше 9 лет назад

The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet.

CVE-2016-2857

CVSS3: 8.4

debian

больше 9 лет назад

The net_checksum_calculate function in net/checksum.c in QEMU allows l ...

GHSA-r736-2mvg-hchh

CVSS3: 8.4

github

больше 3 лет назад

The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet.

ELSA-2017-0083

oracle-oval

почти 9 лет назад

ELSA-2017-0083: qemu-kvm security and bug fix update (LOW)

EPSS

Процентиль: 18%

0.00058

Низкий

8.4 High

CVSS3

3.6 Low

CVSS2

Дефекты

CWE-119