Lucene search

[email protected]NVD:CVE-2016-9603

HistoryJul 27, 2018 - 9:29 p.m.

CVE-2016-9603

2018-07-2721:29:00

CWE-119

CWE-122

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

9.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

7.8

Confidence

High

EPSS

0.001

Percentile

49.3%

JSON

A heap buffer overflow flaw was found in QEMU’s Cirrus CLGD 54xx VGA emulator’s VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process.

Affected configurations

Nvd

Node

qemuqemuRange<2.9.0

Node

citrixxenserverMatch6.0.2

citrixxenserverMatch6.2.0sp1

citrixxenserverMatch6.5sp1

citrixxenserverMatch7.0

citrixxenserverMatch7.1

redhatopenstackMatch5.0

redhatopenstackMatch6.0

redhatopenstackMatch7.0

redhatopenstackMatch8

redhatopenstackMatch9

redhatopenstackMatch10

debiandebian_linuxMatch7.0

redhatenterprise_linux_desktopMatch6.0

redhatenterprise_linux_desktopMatch7.0

redhatenterprise_linux_serverMatch6.0

redhatenterprise_linux_serverMatch7.0

redhatenterprise_linux_server_ausMatch7.3

redhatenterprise_linux_server_ausMatch7.4

redhatenterprise_linux_server_eusMatch7.3

redhatenterprise_linux_server_eusMatch7.4

redhatenterprise_linux_server_eusMatch7.5

redhatenterprise_linux_workstationMatch6.0

redhatenterprise_linux_workstationMatch7.0

VendorProductVersionCPE
qemuqemu*cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*
citrixxenserver6.0.2cpe:2.3:a:citrix:xenserver:6.0.2:*:*:*:*:*:*:*
citrixxenserver6.2.0cpe:2.3:a:citrix:xenserver:6.2.0:sp1:*:*:*:*:*:*
citrixxenserver6.5cpe:2.3:a:citrix:xenserver:6.5:sp1:*:*:*:*:*:*
citrixxenserver7.0cpe:2.3:a:citrix:xenserver:7.0:*:*:*:*:*:*:*
citrixxenserver7.1cpe:2.3:a:citrix:xenserver:7.1:*:*:*:*:*:*:*
redhatopenstack5.0cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*
redhatopenstack6.0cpe:2.3:a:redhat:openstack:6.0:*:*:*:*:*:*:*
redhatopenstack7.0cpe:2.3:a:redhat:openstack:7.0:*:*:*:*:*:*:*
redhatopenstack8cpe:2.3:a:redhat:openstack:8:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
qemu	qemu	*	cpe:2.3:a:qemu:qemu::::::::
citrix	xenserver	6.0.2	cpe:2.3:a:citrix:xenserver:6.0.2:::::::*
citrix	xenserver	6.2.0	cpe:2.3:a:citrix:xenserver:6.2.0:sp1::::::
citrix	xenserver	6.5	cpe:2.3:a:citrix:xenserver:6.5:sp1::::::
citrix	xenserver	7.0	cpe:2.3:a:citrix:xenserver:7.0:::::::*
citrix	xenserver	7.1	cpe:2.3:a:citrix:xenserver:7.1:::::::*
redhat	openstack	5.0	cpe:2.3:a:redhat:openstack:5.0:::::::*
redhat	openstack	6.0	cpe:2.3:a:redhat:openstack:6.0:::::::*
redhat	openstack	7.0	cpe:2.3:a:redhat:openstack:7.0:::::::*
redhat	openstack	8	cpe:2.3:a:redhat:openstack:8:::::::*