An out-of-bounds access flaw was found in the Tulip NIC emulator built into QEMU. This flaw occurs while copying network data to and from its tx/rx frame buffers, as it does not check frame size against the data length. This flaw allows a remote user or process to crash the QEMU process, resulting in a denial of service or the potential execution of arbitrary code with the privileges of the QEMU process on the host.