Lucene search
HistoryNov 04, 2014 - 9:55 p.m.
CVE-2013-6399
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
8.7
Confidence
High
EPSS
0.066
Percentile
93.8%
Array index error in the virtio_load function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image.
Affected configurations
Node
qemuqemuRange≤1.7.1
ORqemuqemuMatch0.1.0
ORqemuqemuMatch0.1.1
ORqemuqemuMatch0.1.2
ORqemuqemuMatch0.1.3
ORqemuqemuMatch0.1.4
ORqemuqemuMatch0.1.5
ORqemuqemuMatch0.1.6
ORqemuqemuMatch0.2.0
ORqemuqemuMatch0.3.0
ORqemuqemuMatch0.4.0
ORqemuqemuMatch0.4.1
ORqemuqemuMatch0.4.2
ORqemuqemuMatch0.4.3
ORqemuqemuMatch0.5.0
ORqemuqemuMatch0.5.1
ORqemuqemuMatch0.5.2
ORqemuqemuMatch0.5.3
ORqemuqemuMatch0.5.4
ORqemuqemuMatch0.5.5
ORqemuqemuMatch0.6.0
ORqemuqemuMatch0.6.1
ORqemuqemuMatch0.7.0
ORqemuqemuMatch0.7.1
ORqemuqemuMatch0.7.2
ORqemuqemuMatch0.8.0
ORqemuqemuMatch0.8.1
ORqemuqemuMatch0.8.2
ORqemuqemuMatch0.9.0
ORqemuqemuMatch0.9.1
ORqemuqemuMatch0.9.1-5
ORqemuqemuMatch0.10.0
ORqemuqemuMatch0.10.1
ORqemuqemuMatch0.10.2
ORqemuqemuMatch0.10.3
ORqemuqemuMatch0.10.4
ORqemuqemuMatch0.10.5
ORqemuqemuMatch0.10.6
ORqemuqemuMatch0.11.0
ORqemuqemuMatch0.11.0rc0
ORqemuqemuMatch0.11.0rc1
ORqemuqemuMatch0.11.0rc2
ORqemuqemuMatch0.11.0-rc0
ORqemuqemuMatch0.11.0-rc1
ORqemuqemuMatch0.11.0-rc2
ORqemuqemuMatch0.11.1
ORqemuqemuMatch0.12.0
ORqemuqemuMatch0.12.0rc1
ORqemuqemuMatch0.12.0rc2
ORqemuqemuMatch0.12.1
ORqemuqemuMatch0.12.2
ORqemuqemuMatch0.12.3
ORqemuqemuMatch0.12.4
ORqemuqemuMatch0.12.5
ORqemuqemuMatch0.13.0
ORqemuqemuMatch0.13.0rc0
ORqemuqemuMatch0.13.0rc1
ORqemuqemuMatch0.14.0
ORqemuqemuMatch0.14.0rc0
ORqemuqemuMatch0.14.0rc1
ORqemuqemuMatch0.14.0rc2
ORqemuqemuMatch0.14.1
ORqemuqemuMatch0.15.0rc1
ORqemuqemuMatch0.15.0rc2
ORqemuqemuMatch0.15.1
ORqemuqemuMatch0.15.2
ORqemuqemuMatch1.0
ORqemuqemuMatch1.0rc1
ORqemuqemuMatch1.0rc2
ORqemuqemuMatch1.0rc3
ORqemuqemuMatch1.0rc4
ORqemuqemuMatch1.0.1
ORqemuqemuMatch1.1
ORqemuqemuMatch1.1rc1
ORqemuqemuMatch1.1rc2
ORqemuqemuMatch1.1rc3
ORqemuqemuMatch1.1rc4
ORqemuqemuMatch1.4.1
ORqemuqemuMatch1.4.2
ORqemuqemuMatch1.5.0
ORqemuqemuMatch1.5.0rc1
ORqemuqemuMatch1.5.0rc2
ORqemuqemuMatch1.5.0rc3
ORqemuqemuMatch1.5.1
ORqemuqemuMatch1.5.2
ORqemuqemuMatch1.5.3
ORqemuqemuMatch1.6.0
ORqemuqemuMatch1.6.0rc1
ORqemuqemuMatch1.6.0rc2
ORqemuqemuMatch1.6.0rc3
ORqemuqemuMatch1.6.1
ORqemuqemuMatch1.6.2
| Vendor | Product | Version | CPE |
|---|---|---|---|
| qemu | qemu | * | cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:* |
| qemu | qemu | 0.1.0 | cpe:2.3:a:qemu:qemu:0.1.0:*:*:*:*:*:*:* |
| qemu | qemu | 0.1.1 | cpe:2.3:a:qemu:qemu:0.1.1:*:*:*:*:*:*:* |
| qemu | qemu | 0.1.2 | cpe:2.3:a:qemu:qemu:0.1.2:*:*:*:*:*:*:* |
| qemu | qemu | 0.1.3 | cpe:2.3:a:qemu:qemu:0.1.3:*:*:*:*:*:*:* |
| qemu | qemu | 0.1.4 | cpe:2.3:a:qemu:qemu:0.1.4:*:*:*:*:*:*:* |
| qemu | qemu | 0.1.5 | cpe:2.3:a:qemu:qemu:0.1.5:*:*:*:*:*:*:* |
| qemu | qemu | 0.1.6 | cpe:2.3:a:qemu:qemu:0.1.6:*:*:*:*:*:*:* |
| qemu | qemu | 0.2.0 | cpe:2.3:a:qemu:qemu:0.2.0:*:*:*:*:*:*:* |
| qemu | qemu | 0.3.0 | cpe:2.3:a:qemu:qemu:0.3.0:*:*:*:*:*:*:* |
References
git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=4b53c2c72cb5541cf394033b528a6fe2a86c0ac1
lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html
lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html
rhn.redhat.com/errata/RHSA-2014-0743.html
rhn.redhat.com/errata/RHSA-2014-0744.html
Related
debiancve
debiancve
CVE-2013-6399
2014-11-04 21:55:25
cve
cve
CVE-2013-6399
2014-11-04 21:55:25
ubuntucve
ubuntucve
CVE-2013-6399
2014-02-20 00:00:00
cvelist
cvelist
CVE-2013-6399
2014-11-04 21:00:00
prion
prion
Code injection
2014-11-04 21:55:00
veracode
veracode
Arbitrary Code Execution
2019-05-02 04:58:37
Arbitrary Code Execution
2019-05-02 04:58:37
Arbitrary Code Execution
2019-05-02 04:58:38
redhat
redhat
(RHSA-2014:0888) Moderate: qemu-kvm-rhev security update
2014-07-24 00:00:00
(RHSA-2014:0744) Moderate: qemu-kvm-rhev security update
2014-06-10 00:00:00
(RHSA-2014:0743) Moderate: qemu-kvm security and bug fix update
2014-06-10 00:00:00
centos
centos
qemu security update
2014-06-11 11:37:18
libcacard, qemu security update
2014-07-25 13:23:24
openvas
openvas
RedHat Update for qemu-kvm RHSA-2014:0743-01
2014-06-17 00:00:00
CentOS Update for qemu-guest-agent CESA-2014:0743 centos6
2014-06-17 00:00:00
Oracle: Security Advisory (ELSA-2014-0743)
2015-10-06 00:00:00
oraclelinux
oraclelinux
qemu-kvm security and bug fix update
2014-06-10 00:00:00
qemu-kvm security and bug fix update
2014-07-23 00:00:00
qemu-kvm security, bug fix, and enhancement update
2015-03-11 00:00:00
nessus
nessus
CentOS 6 : qemu-kvm (CESA-2014:0743)
2014-06-12 00:00:00
Oracle Linux 6 : qemu-kvm (ELSA-2014-0743)
2014-06-11 00:00:00
RHEL 6 : qemu-kvm-rhev (RHSA-2014:0744)
2014-11-08 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: qemu-1.6.2-5.fc20
2014-05-16 10:01:41
ubuntu
ubuntu
QEMU vulnerabilities
2014-09-08 00:00:00
mageia
mageia
Updated qemu packages fix multiple security vulnerabilities
2014-10-28 14:33:36
osv
osv
qemu-2.6.1-1.5 on GA media
2024-06-15 00:00:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
8.7
Confidence
High
EPSS
0.066
Percentile
93.8%
Related for NVD:CVE-2013-6399