QEMU before 2.0.0 block drivers for CLOOP, QCOW2 version 2 and various other image formats are vulnerable to potential memory corruptions, integer/buffer overflows or crash caused by missing input validations which could allow a remote user to execute arbitrary code on the host with the privileges of the QEMU process.
History
13 Feb 2023, 00:32
Type | Values Removed | Values Added |
---|---|---|
Summary | QEMU before 2.0.0 block drivers for CLOOP, QCOW2 version 2 and various other image formats are vulnerable to potential memory corruptions, integer/buffer overflows or crash caused by missing input validations which could allow a remote user to execute arbitrary code on the host with the privileges of the QEMU process. |
02 Feb 2023, 16:15
Type | Values Removed | Values Added |
---|---|---|
Summary | CVE-2014-0144 Qemu: block: missing input validation | |
03 Oct 2022, 14:26
Type | Values Removed | Values Added |
---|---|---|
CVSS | v2 : v3 : | v2 : unknown v3 : 8.6 |
CWE | CWE-20 | |
References | (MISC) http://git.qemu.org/?p=qemu.git;a=commit;h=24342f2cae47d03911e346fe1e520b00dc2818e0 - Mailing List, Patch, Vendor Advisory | |
References | (MISC) http://rhn.redhat.com/errata/RHSA-2014-0421.html - Third Party Advisory | |
References | (MISC) http://git.qemu.org/?p=qemu.git;a=commit;h=97f1c45c6f456572e5b504b8614e4a69e23b8e3a - Mailing List, Patch, Vendor Advisory | |
References | (MISC) http://git.qemu.org/?p=qemu.git;a=commit;h=63fa06dc978f3669dbfd9443b33cde9e2a7f4b41 - Mailing List, Patch, Vendor Advisory | |
References | (MISC) https://www.vulnerabilitycenter.com/#!vul=44767 - Third Party Advisory | |
References | (MISC) http://git.qemu.org/?p=qemu.git;a=commit;h=a1b3955c9415b1e767c130a2f59fee6aa28e575b - Mailing List, Patch, Vendor Advisory | |
References | (MISC) http://git.qemu.org/?p=qemu.git;a=commit;h=2d51c32c4b511db8bb9e58208f1e2c25e4c06c85 - Mailing List, Patch, Vendor Advisory | |
References | (MISC) http://git.qemu.org/?p=qemu.git;a=commit;h=7b103b36d6ef3b11827c203d3a793bf7da50ecd6 - Mailing List, Patch, Vendor Advisory | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1079240 - Issue Tracking, Patch, Third Party Advisory | |
References | (MISC) http://git.qemu.org/?p=qemu.git;a=commit;h=6d4b9e55fc625514a38d27cff4b9933f617fa7dc - Mailing List, Patch, Vendor Advisory | |
References | (MISC) http://rhn.redhat.com/errata/RHSA-2014-0420.html - Third Party Advisory | |
References | (MISC) http://git.qemu.org/?p=qemu.git;a=commit;h=ce48f2f441ca98885267af6fd636a7cb804ee646 - Mailing List, Patch, Vendor Advisory | |
References | (MISC) http://git.qemu.org/?p=qemu.git;a=commit;h=5dab2faddc8eaa1fb1abdbe2f502001fc13a1b21 - Mailing List, Patch, Vendor Advisory | |
References | (MISC) http://git.qemu.org/?p=qemu.git;a=commit;h=f56b9bc3ae20fc93815b34aa022be919941406ce - Mailing List, Patch, Vendor Advisory | |
References | (MISC) http://git.qemu.org/?p=qemu.git;a=commit;h=d65f97a82c4ed48374a764c769d4ba1ea9724e97 - Mailing List, Patch, Vendor Advisory | |
First Time | Redhat enterprise Linux Server Tus, Redhat, Redhat enterprise Linux Eus, Redhat enterprise Linux Server Aus, Redhat virtualization, Qemu qemu, Redhat enterprise Linux Desktop, Qemu, Redhat enterprise Linux Server, Redhat enterprise Linux Workstation, Redhat enterprise Linux Openstack Platform | |
CPE | cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:* cpe:2.3:a:redhat:virtualization:3.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_openstack_platform:5:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:* cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:6.5:*:*:*:*:*:*:* |
29 Sep 2022, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-09-29 03:15
Updated : 2023-12-10 14:35
NVD link : CVE-2014-0144
Mitre link : CVE-2014-0144
CVE.ORG link : CVE-2014-0144
Products Affected
redhat
- virtualization
- enterprise_linux_desktop
- enterprise_linux_openstack_platform
- enterprise_linux_server_aus
- enterprise_linux_server
- enterprise_linux_server_tus
- enterprise_linux_eus
- enterprise_linux_workstation
qemu
- qemu
CWE
CWE-20
Improper Input Validation