Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2021-3507

Опубликовано: 06 мая 2021
Источник: nvd
CVSS3: 6.1
CVSS2: 3.6
EPSS Низкий

Описание

A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including). It could occur in fdctrl_transfer_handler() in hw/block/fdc.c while processing DMA read data transfers from the floppy drive to the guest system. A privileged guest user could use this flaw to crash the QEMU process on the host resulting in DoS scenario, or potential information leakage from the host memory.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*
Версия до 6.0.0 (включая)
Конфигурация 2

Одно из

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:-:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:advanced_virtualization:*:*:*

EPSS

Процентиль: 4%
0.00019
Низкий

6.1 Medium

CVSS3

3.6 Low

CVSS2

Дефекты

CWE-119
CWE-787

Связанные уязвимости

ubuntu логотип

CVE-2021-3507

CVSS3: 6.1
ubuntu
больше 4 лет назад

A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including). It could occur in fdctrl_transfer_handler() in hw/block/fdc.c while processing DMA read data transfers from the floppy drive to the guest system. A privileged guest user could use this flaw to crash the QEMU process on the host resulting in DoS scenario, or potential information leakage from the host memory.

redhat логотип

CVE-2021-3507

CVSS3: 4.6
redhat
больше 4 лет назад

A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including). It could occur in fdctrl_transfer_handler() in hw/block/fdc.c while processing DMA read data transfers from the floppy drive to the guest system. A privileged guest user could use this flaw to crash the QEMU process on the host resulting in DoS scenario, or potential information leakage from the host memory.

msrc логотип

CVE-2021-3507

CVSS3: 6.1
msrc
около 2 месяцев назад

A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including). It could occur in fdctrl_transfer_handler() in hw/block/fdc.c while processing DMA read data transfers from the floppy drive to the guest system. A privileged guest user could use this flaw to crash the QEMU process on the host resulting in DoS scenario, or potential information leakage from the host memory.

debian логотип

CVE-2021-3507

CVSS3: 6.1
debian
больше 4 лет назад

A heap buffer overflow was found in the floppy disk emulator of QEMU u ...

github логотип

GHSA-m99h-7jcp-j7w9

CVSS3: 6.1
github
больше 3 лет назад

A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including). It could occur in fdctrl_transfer_handler() in hw/block/fdc.c while processing DMA read data transfers from the floppy drive to the guest system. A privileged guest user could use this flaw to crash the QEMU process on the host resulting in DoS scenario, or potential information leakage from the host memory.

EPSS

Процентиль: 4%
0.00019
Низкий

6.1 Medium

CVSS3

3.6 Low

CVSS2

Дефекты

CWE-119
CWE-787