Heap-based buffer overflow in the ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via vectors related to receiving packets.
References
Configurations
History
13 Feb 2023, 00:52
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | Heap-based buffer overflow in the ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via vectors related to receiving packets. |
02 Feb 2023, 16:17
Type | Values Removed | Values Added |
---|---|---|
Summary | A heap buffer overflow flaw was found in the way QEMU's NE2000 NIC emulation implementation handled certain packets received over the network. A privileged user inside a guest could use this flaw to crash the QEMU instance (denial of service) or potentially execute arbitrary code on the host. | |
References |
|
|
17 Nov 2021, 22:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
10 Nov 2021, 01:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
05 Nov 2021, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2015-09-28 16:59
Updated : 2023-12-10 11:46
NVD link : CVE-2015-5279
Mitre link : CVE-2015-5279
CVE.ORG link : CVE-2015-5279
JSON object : View
Products Affected
qemu
- qemu
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer