Lucene search

[email protected]CVE-2014-0222

HistoryNov 04, 2014 - 9:55 p.m.

CVE-2014-0222

2014-11-0421:55:25

CWE-189

[email protected]

web.nvd.nist.gov

cve

2014

0222

integer overflow

qcow_open function

qemu

denial of service

nvd

security bug

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.5 Medium

AI Score

Confidence

High

0.036 Low

EPSS

Percentile

91.7%

JSON

Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image.

Affected configurations

NVD

Node

suselinux_enterprise_serverMatch11.0sp1

Node

qemuqemuRange≤1.7.1

qemuqemuMatch0.1.0

qemuqemuMatch0.1.1

qemuqemuMatch0.1.2

qemuqemuMatch0.1.3

qemuqemuMatch0.1.4

qemuqemuMatch0.1.5

qemuqemuMatch0.1.6

qemuqemuMatch0.2.0

qemuqemuMatch0.3.0

qemuqemuMatch0.4.0

qemuqemuMatch0.4.1

qemuqemuMatch0.4.2

qemuqemuMatch0.4.3

qemuqemuMatch0.5.0

qemuqemuMatch0.5.1

qemuqemuMatch0.5.2

qemuqemuMatch0.5.3

qemuqemuMatch0.5.4

qemuqemuMatch0.5.5

qemuqemuMatch0.6.0

qemuqemuMatch0.6.1

qemuqemuMatch0.7.0

qemuqemuMatch0.7.1

qemuqemuMatch0.7.2

qemuqemuMatch0.8.0

qemuqemuMatch0.8.1

qemuqemuMatch0.8.2

qemuqemuMatch0.9.0

qemuqemuMatch0.9.1

qemuqemuMatch0.9.1-5

qemuqemuMatch0.10.0

qemuqemuMatch0.10.1

qemuqemuMatch0.10.2

qemuqemuMatch0.10.3

qemuqemuMatch0.10.4

qemuqemuMatch0.10.5

qemuqemuMatch0.10.6

qemuqemuMatch0.11.0

qemuqemuMatch0.11.0rc0

qemuqemuMatch0.11.0rc1

qemuqemuMatch0.11.0rc2

qemuqemuMatch0.11.0-rc0

qemuqemuMatch0.11.0-rc1

qemuqemuMatch0.11.0-rc2

qemuqemuMatch0.11.1

qemuqemuMatch0.12.0

qemuqemuMatch0.12.0rc1

qemuqemuMatch0.12.0rc2

qemuqemuMatch0.12.1

qemuqemuMatch0.12.2

qemuqemuMatch0.12.3

qemuqemuMatch0.12.4

qemuqemuMatch0.12.5

qemuqemuMatch0.13.0

qemuqemuMatch0.13.0rc0

qemuqemuMatch0.13.0rc1

qemuqemuMatch0.14.0

qemuqemuMatch0.14.0rc0

qemuqemuMatch0.14.0rc1

qemuqemuMatch0.14.0rc2

qemuqemuMatch0.14.1

qemuqemuMatch0.15.0rc1

qemuqemuMatch0.15.0rc2

qemuqemuMatch0.15.1

qemuqemuMatch0.15.2

qemuqemuMatch1.0

qemuqemuMatch1.0rc1

qemuqemuMatch1.0rc2

qemuqemuMatch1.0rc3

qemuqemuMatch1.0rc4

qemuqemuMatch1.0.1

qemuqemuMatch1.1

qemuqemuMatch1.1rc1

qemuqemuMatch1.1rc2

qemuqemuMatch1.1rc3

qemuqemuMatch1.1rc4

qemuqemuMatch1.4.1

qemuqemuMatch1.4.2

qemuqemuMatch1.5.0

qemuqemuMatch1.5.0rc1

qemuqemuMatch1.5.0rc2

qemuqemuMatch1.5.0rc3

qemuqemuMatch1.5.1

qemuqemuMatch1.5.2

qemuqemuMatch1.5.3

qemuqemuMatch1.6.0

qemuqemuMatch1.6.0rc1

qemuqemuMatch1.6.0rc2

qemuqemuMatch1.6.0rc3

qemuqemuMatch1.6.1

qemuqemuMatch1.6.2

CPENameOperatorVersion
suse:linux_enterprise_serversuse linux enterprise servereq11.0

CPE	Name	Operator	Version
suse:linux_enterprise_server	suse linux enterprise server	eq	11.0

References

lists.fedoraproject.org/pipermail/package-announce/2014-June/134053.html

lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html

lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html

lists.opensuse.org/opensuse-security-announce/2015-05/msg00021.html

lists.opensuse.org/opensuse-updates/2015-11/msg00063.html

www.debian.org/security/2014/dsa-3044

www.securityfocus.com/bid/67357

lists.gnu.org/archive/html/qemu-devel/2014-05/msg02155.html

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.5 Medium

AI Score

Confidence

High

0.036 Low

EPSS

Percentile

91.7%

JSON

Related for CVE-2014-0222

prion1 nvd1 cvelist1 securityvulns4 ubuntucve1 veracode2 debiancve1 redhat6 nessus36 oraclelinux3 ibm1 openvas40 centos2 suse16 fedora8 debian2 gentoo1 ubuntu1 mageia1