Lucene search

Veracode Vulnerability DatabaseVERACODE:27076

HistorySep 21, 2020 - 6:34 a.m.

Denial Of Service (DoS)

2020-09-2106:34:02

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.001 Low

EPSS

Percentile

26.7%

JSON

qemu is vulnerable to denial of service (DoS). The vulnerability exists through a memory leak when the sglist size is set to a value over 2 Gb, in the megasas_handle_dcmd function in hw/scsi/megasas.c.

CPENameOperatorVersion
qemu:xenialeq1:2.5+dfsg-5ubuntu10
qemu:xenialeq1:2.5+dfsg-5ubuntu10

CPE	Name	Operator	Version
	qemu:xenial	eq	1:2.5+dfsg-5ubuntu10
	qemu:xenial	eq	1:2.5+dfsg-5ubuntu10

References

git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=765a707000e838c30b18d712fe6cb3dd8e0435f3

git.qemu-project.org/?p=qemu.git;a=commit;h=765a707000e838c30b18d712fe6cb3dd8e0435f3

www.openwall.com/lists/oss-security/2017/02/01/19

www.openwall.com/lists/oss-security/2017/02/02/14

www.securityfocus.com/bid/95999

bugzilla.redhat.com/show_bug.cgi?id=1418342

lists.debian.org/debian-lts-announce/2018/09/msg00007.html

security.gentoo.org/glsa/201702-28

0.001 Low

EPSS

Percentile

26.7%

JSON

Related for VERACODE:27076