Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2021-3682

Опубликовано: 05 авг. 2021
Источник: nvd
CVSS3: 8.5
CVSS2: 6
EPSS Низкий

Описание

A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full. A malicious SPICE client could use this flaw to make QEMU call free() with faked heap chunk metadata, resulting in a crash of QEMU or potential code execution with the privileges of the QEMU process on the host.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*
Версия до 6.1.0 (исключая)
cpe:2.3:a:qemu:qemu:6.1.0:rc1:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:-:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:advanced_virtualization:*:*:*
Конфигурация 3

Одно из

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

EPSS

Процентиль: 66%
0.0052
Низкий

8.5 High

CVSS3

6 Medium

CVSS2

Дефекты

CWE-763
CWE-763

Связанные уязвимости

ubuntu логотип

CVE-2021-3682

CVSS3: 8.5
ubuntu
около 4 лет назад

A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full. A malicious SPICE client could use this flaw to make QEMU call free() with faked heap chunk metadata, resulting in a crash of QEMU or potential code execution with the privileges of the QEMU process on the host.

redhat логотип

CVE-2021-3682

CVSS3: 8.5
redhat
около 4 лет назад

A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full. A malicious SPICE client could use this flaw to make QEMU call free() with faked heap chunk metadata, resulting in a crash of QEMU or potential code execution with the privileges of the QEMU process on the host.

msrc логотип

CVE-2021-3682

CVSS3: 8.5
msrc
больше 2 лет назад

Описание отсутствует

debian логотип

CVE-2021-3682

CVSS3: 8.5
debian
около 4 лет назад

A flaw was found in the USB redirector device emulation of QEMU in ver ...

github логотип

GHSA-2w4j-r5v6-3vgr

CVSS3: 8.5
github
около 3 лет назад

A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full. A malicious SPICE client could use this flaw to make QEMU call free() with faked heap chunk metadata, resulting in a crash of QEMU or potential code execution with the privileges of the QEMU process on the host.

EPSS

Процентиль: 66%
0.0052
Низкий

8.5 High

CVSS3

6 Medium

CVSS2

Дефекты

CWE-763
CWE-763