Lucene search

K

PRIOn knowledge basePRION:CVE-2016-6888

HistoryDec 10, 2016 - 12:59 a.m.

Integer overflow

2016-12-1000:59:00

PRIOn knowledge base

www.prio-n.com

5

6.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.7%

Integer overflow in the net_tx_pkt_init function in hw/net/net_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (QEMU process crash) via the maximum fragmentation count, which triggers an unchecked multiplication and NULL pointer dereference.

CPENameOperatorVersion
debian_linuxeq8.0
qemueq2.7.0 rc0
qemule2.6.2
qemueq2.7.0 rc1
qemueq2.7.0 rc2
qemueq2.7.0 rc3
openstackeq7.0
openstackeq6.0
openstackeq10
openstackeq9

Rows per page:

1-10 of 131

References

git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=47882fa4975bf0b58dd74474329fdd7154e8f04c

www.openwall.com/lists/oss-security/2016/08/19/10

www.openwall.com/lists/oss-security/2016/08/19/6

www.securityfocus.com/bid/92556

access.redhat.com/errata/RHSA-2017:2392

access.redhat.com/errata/RHSA-2017:2408

lists.debian.org/debian-lts-announce/2018/11/msg00038.html

lists.gnu.org/archive/html/qemu-devel/2016-08/msg03176.html

security.gentoo.org/glsa/201609-01

6.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.7%

Related for PRION:CVE-2016-6888

redhatcve1 debiancve1 veracode1 nvd1 cve1 ubuntucve1 cvelist1 openvas12 nessus18 suse7 redhat2 gentoo1 ubuntu1 osv1 debian1 ibm1