Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2021-3527

Опубликовано: 26 мая 2021
Источник: nvd
CVSS3: 5.5
CVSS2: 2.1
EPSS Низкий

Описание

A flaw was found in the USB redirector device (usb-redir) of QEMU. Small USB packets are combined into a single, large transfer request, to reduce the overhead and improve performance. The combined size of the bulk transfer is used to dynamically allocate a variable length array (VLA) on the stack without proper validation. Since the total size is not bounded, a malicious guest could use this flaw to influence the array length and cause the QEMU process to perform an excessive allocation on the stack, resulting in a denial of service.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*
Версия до 6.0.0 (включая)
Конфигурация 2

Одно из

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:-:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:advanced_virtualization:*:*:*
Конфигурация 3

Одно из

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

EPSS

Процентиль: 4%
0.00021
Низкий

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-770
CWE-770

Связанные уязвимости

ubuntu логотип

CVE-2021-3527

CVSS3: 5.5
ubuntu
около 4 лет назад

A flaw was found in the USB redirector device (usb-redir) of QEMU. Small USB packets are combined into a single, large transfer request, to reduce the overhead and improve performance. The combined size of the bulk transfer is used to dynamically allocate a variable length array (VLA) on the stack without proper validation. Since the total size is not bounded, a malicious guest could use this flaw to influence the array length and cause the QEMU process to perform an excessive allocation on the stack, resulting in a denial of service.

redhat логотип

CVE-2021-3527

CVSS3: 3.2
redhat
около 4 лет назад

A flaw was found in the USB redirector device (usb-redir) of QEMU. Small USB packets are combined into a single, large transfer request, to reduce the overhead and improve performance. The combined size of the bulk transfer is used to dynamically allocate a variable length array (VLA) on the stack without proper validation. Since the total size is not bounded, a malicious guest could use this flaw to influence the array length and cause the QEMU process to perform an excessive allocation on the stack, resulting in a denial of service.

msrc логотип

CVE-2021-3527

CVSS3: 5.5
msrc
около 4 лет назад

Описание отсутствует

debian логотип

CVE-2021-3527

CVSS3: 5.5
debian
около 4 лет назад

A flaw was found in the USB redirector device (usb-redir) of QEMU. Sma ...

github логотип

GHSA-fwv2-775h-qv4v

CVSS3: 5.5
github
около 3 лет назад

A flaw was found in the USB redirector device (usb-redir) of QEMU. Small USB packets are combined into a single, large transfer request, to reduce the overhead and improve performance. The combined size of the bulk transfer is used to dynamically allocate a variable length array (VLA) on the stack without proper validation. Since the total size is not bounded, a malicious guest could use this flaw to influence the array length and cause the QEMU process to perform an excessive allocation on the stack, resulting in a denial of service.

EPSS

Процентиль: 4%
0.00021
Низкий

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-770
CWE-770