CVE-2014-0222

Опубликовано: 12 мая 2014

Источник: redhat

CVSS2: 4.3

EPSS Низкий

Описание

Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image.

An integer overflow flaw was found in the QEMU block driver for QCOW version 1 disk images. A user able to alter the QEMU disk image files loaded by a guest could use this flaw to corrupt QEMU process memory on the host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	kvm	Will not fix
OpenStack 4 for RHEL 6	qemu-kvm-rhev	Fixed	RHSA-2014:1187	15.09.2014
Red Hat Enterprise Linux 6	qemu-kvm	Fixed	RHSA-2014:1075	19.08.2014
Red Hat Enterprise Linux 7	qemu-kvm	Fixed	RHSA-2014:0927	23.07.2014
Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6	qemu-kvm-rhev	Fixed	RHSA-2014:1187	15.09.2014
Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7	qemu-kvm-rhev	Fixed	RHSA-2014:1268	22.09.2014
RHEV 3.X Hypervisor and Agents for RHEL-6	qemu-kvm-rhev	Fixed	RHSA-2014:1076	19.08.2014
RHEV 3.X Hypervisor and Agents for RHEL-6	rhev-hypervisor6	Fixed	RHSA-2014:1168	09.09.2014

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-190->CWE-119

https://bugzilla.redhat.com/show_bug.cgi?id=1097216Qemu: qcow1: validate L2 table size to avoid integer overflows

EPSS

Процентиль: 74%

0.00886

Низкий

4.3 Medium

CVSS2

Связанные уязвимости

CVE-2014-0222

ubuntu

почти 11 лет назад

Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image.

CVE-2014-0222

nvd

почти 11 лет назад

Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image.

CVE-2014-0222

debian

почти 11 лет назад

Integer overflow in the qcow_open function in block/qcow.c in QEMU bef ...

GHSA-h9pv-ghfm-7x9c

github

около 3 лет назад

Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image.

ELSA-2014-1075

oracle-oval

почти 11 лет назад

ELSA-2014-1075: qemu-kvm security and bug fix update (MODERATE)

EPSS

Процентиль: 74%

0.00886

Низкий

4.3 Medium

CVSS2