CVE-2011-4111

2014-02-2615:55:08

CWE-119

[email protected]

web.nvd.nist.gov

cve-2011-4111

buffer overflow

qemu

security vulnerability

denial of service

remote code execution

nvd

6.8 Medium

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:H/Au:N/C:C/I:C/A:C

7.6 High

AI Score

Confidence

Low

0.051 Low

EPSS

Percentile

93.0%

JSON

Buffer overflow in the ccid_card_vscard_handle_message function in hw/ccid-card-passthru.c in QEMU before 0.15.2 and 1.x before 1.0-rc4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted VSC_ATR message.

Affected configurations

NVD

Node

redhatenterprise_linuxMatch6.0

redhatenterprise_linux_server_supplementaryMatch6.1.z

Node

qemuqemuRange≤0.15.1

qemuqemuMatch0.15.0

qemuqemuMatch0.15.0rc1

qemuqemuMatch0.15.0rc2

qemuqemuMatch1.0

qemuqemuMatch1.0rc1

qemuqemuMatch1.0rc2

qemuqemuMatch1.0rc3

CPENameOperatorVersion
redhat:enterprise_linuxredhat enterprise linuxeq6.0
redhat:enterprise_linux_server_supplementaryredhat enterprise linux server supplementaryeq6.1.z