Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2024-3447

Опубликовано: 14 нояб. 2024
Источник: nvd
CVSS3: 6
EPSS Низкий

Описание

A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. The bug is triggered when both s->data_count and the size of s->fifo_buffer are set to 0x200, leading to an out-of-bound access. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*
Версия до 7.2.11 (исключая)
cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*
Версия от 8.0.0 (включая) до 8.2.3 (исключая)
cpe:2.3:a:qemu:qemu:9.0.0:-:*:*:*:*:*:*
cpe:2.3:a:qemu:qemu:9.0.0:rc0:*:*:*:*:*:*
cpe:2.3:a:qemu:qemu:9.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:qemu:qemu:9.0.0:rc2:*:*:*:*:*:*
Конфигурация 2
cpe:2.3:o:netapp:hci_compute_node:-:*:*:*:*:*:*:*

EPSS

Процентиль: 4%
0.00021
Низкий

6 Medium

CVSS3

Дефекты

CWE-122

Связанные уязвимости

ubuntu логотип

CVE-2024-3447

CVSS3: 6
ubuntu
9 месяцев назад

A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. The bug is triggered when both `s->data_count` and the size of `s->fifo_buffer` are set to 0x200, leading to an out-of-bound access. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.

redhat логотип

CVE-2024-3447

CVSS3: 6
redhat
больше 1 года назад

A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. The bug is triggered when both `s->data_count` and the size of `s->fifo_buffer` are set to 0x200, leading to an out-of-bound access. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.

msrc логотип

CVE-2024-3447

CVSS3: 6
msrc
3 месяца назад

Описание отсутствует

debian логотип

CVE-2024-3447

CVSS3: 6
debian
9 месяцев назад

A heap-based buffer overflow was found in the SDHCI device emulation o ...

github логотип

GHSA-mq5w-grf9-5rp9

CVSS3: 6
github
9 месяцев назад

A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. The bug is triggered when both `s->data_count` and the size of `s->fifo_buffer` are set to 0x200, leading to an out-of-bound access. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.

EPSS

Процентиль: 4%
0.00021
Низкий

6 Medium

CVSS3

Дефекты

CWE-122