Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
|
Configuration 8 (hide)
|
Configuration 9 (hide)
|
History
13 Feb 2023, 00:48
Type | Values Removed | Values Added |
---|---|---|
Summary | Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set. | |
References |
|
02 Feb 2023, 15:16
Type | Values Removed | Values Added |
---|---|---|
Summary | A flaw was found in the way QEMU's AMD PCnet Ethernet emulation handled multi-TMD packets with a length above 4096 bytes. A privileged guest user in a guest with an AMD PCNet ethernet card enabled could potentially use this flaw to execute arbitrary code on the host with the privileges of the hosting QEMU process. | |
References |
|
11 Feb 2022, 05:40
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:arista:eos:4.12:*:*:*:*:*:*:* cpe:2.3:o:arista:eos:4.13:*:*:*:*:*:*:* cpe:2.3:o:arista:eos:4.15:*:*:*:*:*:*:* cpe:2.3:o:arista:eos:4.14:*:*:*:*:*:*:* |
|
First Time |
Arista
Arista eos |
|
References | (MISC) https://www.arista.com/en/support/advisories-notices/security-advisories/1180-security-advisory-13 - Third Party Advisory |
26 Jan 2022, 14:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2015-06-15 15:59
Updated : 2023-12-10 11:46
NVD link : CVE-2015-3209
Mitre link : CVE-2015-3209
CVE.ORG link : CVE-2015-3209
JSON object : View
Products Affected
qemu
- qemu
debian
- debian_linux
redhat
- enterprise_linux_server_aus
- enterprise_linux_server_tus
- enterprise_linux_eus
- virtualization
- enterprise_linux_workstation
- enterprise_linux_server
- enterprise_linux_desktop
- openstack
- enterprise_linux
suse
- linux_enterprise_desktop
- linux_enterprise_debuginfo
- linux_enterprise_server
- linux_enterprise_software_development_kit
juniper
- junos_space
arista
- eos
fedoraproject
- fedora
canonical
- ubuntu_linux
CWE
CWE-787
Out-of-bounds Write