Lucene search
HistoryNov 04, 2014 - 9:55 p.m.
CVE-2014-0223
cve-2014-0223
qemu
integer overflow
buffer overflow
denial of service
nvd
4.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
7.2 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
5.1%
Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a large image size, which triggers a buffer overflow or out-of-bounds read.
Affected configurations
Node
suselinux_enterprise_serverMatch11.0sp1
Node
qemuqemuRange≤1.7.1
ORqemuqemuMatch0.1.0
ORqemuqemuMatch0.1.1
ORqemuqemuMatch0.1.2
ORqemuqemuMatch0.1.3
ORqemuqemuMatch0.1.4
ORqemuqemuMatch0.1.5
ORqemuqemuMatch0.1.6
ORqemuqemuMatch0.2.0
ORqemuqemuMatch0.3.0
ORqemuqemuMatch0.4.0
ORqemuqemuMatch0.4.1
ORqemuqemuMatch0.4.2
ORqemuqemuMatch0.4.3
ORqemuqemuMatch0.5.0
ORqemuqemuMatch0.5.1
ORqemuqemuMatch0.5.2
ORqemuqemuMatch0.5.3
ORqemuqemuMatch0.5.4
ORqemuqemuMatch0.5.5
ORqemuqemuMatch0.6.0
ORqemuqemuMatch0.6.1
ORqemuqemuMatch0.7.0
ORqemuqemuMatch0.7.1
ORqemuqemuMatch0.7.2
ORqemuqemuMatch0.8.0
ORqemuqemuMatch0.8.1
ORqemuqemuMatch0.8.2
ORqemuqemuMatch0.9.0
ORqemuqemuMatch0.9.1
ORqemuqemuMatch0.9.1-5
ORqemuqemuMatch0.10.0
ORqemuqemuMatch0.10.1
ORqemuqemuMatch0.10.2
ORqemuqemuMatch0.10.3
ORqemuqemuMatch0.10.4
ORqemuqemuMatch0.10.5
ORqemuqemuMatch0.10.6
ORqemuqemuMatch0.11.0
ORqemuqemuMatch0.11.0rc0
ORqemuqemuMatch0.11.0rc1
ORqemuqemuMatch0.11.0rc2
ORqemuqemuMatch0.11.0-rc0
ORqemuqemuMatch0.11.0-rc1
ORqemuqemuMatch0.11.0-rc2
ORqemuqemuMatch0.11.1
ORqemuqemuMatch0.12.0
ORqemuqemuMatch0.12.0rc1
ORqemuqemuMatch0.12.0rc2
ORqemuqemuMatch0.12.1
ORqemuqemuMatch0.12.2
ORqemuqemuMatch0.12.3
ORqemuqemuMatch0.12.4
ORqemuqemuMatch0.12.5
ORqemuqemuMatch0.13.0
ORqemuqemuMatch0.13.0rc0
ORqemuqemuMatch0.13.0rc1
ORqemuqemuMatch0.14.0
ORqemuqemuMatch0.14.0rc0
ORqemuqemuMatch0.14.0rc1
ORqemuqemuMatch0.14.0rc2
ORqemuqemuMatch0.14.1
ORqemuqemuMatch0.15.0rc1
ORqemuqemuMatch0.15.0rc2
ORqemuqemuMatch0.15.1
ORqemuqemuMatch0.15.2
ORqemuqemuMatch1.0
ORqemuqemuMatch1.0rc1
ORqemuqemuMatch1.0rc2
ORqemuqemuMatch1.0rc3
ORqemuqemuMatch1.0rc4
ORqemuqemuMatch1.0.1
ORqemuqemuMatch1.1
ORqemuqemuMatch1.1rc1
ORqemuqemuMatch1.1rc2
ORqemuqemuMatch1.1rc3
ORqemuqemuMatch1.1rc4
ORqemuqemuMatch1.4.1
ORqemuqemuMatch1.4.2
ORqemuqemuMatch1.5.0
ORqemuqemuMatch1.5.0rc1
ORqemuqemuMatch1.5.0rc2
ORqemuqemuMatch1.5.0rc3
ORqemuqemuMatch1.5.1
ORqemuqemuMatch1.5.2
ORqemuqemuMatch1.5.3
ORqemuqemuMatch1.6.0
ORqemuqemuMatch1.6.0rc1
ORqemuqemuMatch1.6.0rc2
ORqemuqemuMatch1.6.0rc3
ORqemuqemuMatch1.6.1
ORqemuqemuMatch1.6.2
| CPE | Name | Operator | Version |
|---|---|---|---|
| suse:linux_enterprise_server | suse linux enterprise server | eq | 11.0 |
References
lists.fedoraproject.org/pipermail/package-announce/2014-June/134053.html
lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html
lists.opensuse.org/opensuse-security-announce/2015-05/msg00021.html
www.debian.org/security/2014/dsa-3044
www.securityfocus.com/bid/67391
lists.gnu.org/archive/html/qemu-devel/2014-05/msg02156.html
Related
securityvulns
securityvulns
[oss-security] CVE-2014-0223 Qemu: qcow1: Validate image size
2014-05-15 00:00:00
QEMU multiple security vulnerabilities
2014-05-15 00:00:00
[SECURITY] [DSA 3045-1] qemu security update
2014-10-13 00:00:00
cvelist
cvelist
CVE-2014-0223
2014-11-04 21:00:00
nvd
nvd
CVE-2014-0223
2014-11-04 21:55:25
prion
prion
Integer overflow
2014-11-04 21:55:00
debiancve
debiancve
CVE-2014-0223
2014-11-04 21:55:25
ubuntucve
ubuntucve
CVE-2014-0223
2014-05-13 00:00:00
openvas
openvas
CentOS Update for qemu-guest-agent CESA-2014:1075 centos6
2014-08-21 00:00:00
RedHat Update for qemu-kvm RHSA-2014:1075-01
2014-08-20 00:00:00
Oracle: Security Advisory (ELSA-2014-1075)
2015-10-06 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 05:03:55
redhat
redhat
(RHSA-2014:1075) Moderate: qemu-kvm security and bug fix update
2014-08-19 00:00:00
(RHSA-2014:1076) Moderate: qemu-kvm-rhev security and bug fix update
2014-08-19 00:00:00
(RHSA-2014:1187) Moderate: qemu-kvm-rhev security update
2014-09-15 00:00:00
nessus
nessus
Oracle Linux 6 : qemu-kvm (ELSA-2014-1075)
2014-08-20 00:00:00
CentOS 6 : qemu-kvm (CESA-2014:1075)
2014-08-21 00:00:00
RHEL 6 : qemu-kvm (RHSA-2014:1075)
2014-08-20 00:00:00
oraclelinux
oraclelinux
qemu-kvm security and bug fix update
2014-08-19 00:00:00
qemu-kvm security and bug fix update
2014-07-23 00:00:00
qemu-kvm security, bug fix, and enhancement update
2015-03-11 00:00:00
ibm
ibm
centos
centos
qemu security update
2014-08-19 10:00:56
libcacard, qemu security update
2014-07-25 13:23:24
suse
suse
Security update for KVM (important)
2015-05-22 00:08:52
fedora
fedora
[SECURITY] Fedora 20 Update: qemu-1.6.2-6.fc20
2014-06-10 02:56:05
[SECURITY] Fedora 20 Update: qemu-1.6.2-8.fc20
2014-09-11 00:54:50
[SECURITY] Fedora 20 Update: qemu-1.6.2-7.fc20
2014-07-26 00:11:13
debian
debian
[SECURITY] [DSA 3045-1] qemu security update
2014-10-04 19:27:38
[SECURITY] [DSA 3044-1] qemu-kvm security update
2014-10-04 19:26:54
gentoo
gentoo
QEMU: Multiple vulnerabilities
2014-08-30 00:00:00
ubuntu
ubuntu
QEMU vulnerabilities
2014-09-08 00:00:00
mageia
mageia
Updated qemu packages fix multiple security vulnerabilities
2014-10-28 14:33:36
4.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
7.2 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
5.1%
Related for CVE-2014-0223