Buffer Overflow

2020-09-2106:39:14

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.001 Low

EPSS

Percentile

20.6%

JSON

qemu is vulnerable to buffer overflow. hw/net/xgmac.c in the XGMAC Ethernet controller in QEMU has a buffer overflow. This occurs during packet transmission and affects the highbank and midway emulated machines. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service or potential privileged code execution. This was fixed in commit 5519724a13664b43e225ca05351c60b4468e4555.

CPENameOperatorVersion
qemu:xenialeq1:2.5+dfsg-5ubuntu10
qemu:focaleq1:4.2-3ubuntu6
qemu:bioniceq1:2.11+dfsg-1ubuntu7
qemu:stretcheq1:2.8+dfsg-6+deb9u9
qemu:edgeeq4.2.0-r2
qemu:edgeeq5.0.0-r0
qemu:xenialeq1:2.5+dfsg-5ubuntu10
qemu:focaleq1:4.2-3ubuntu6
qemu:bioniceq1:2.11+dfsg-1ubuntu7
qemu:stretcheq1:2.8+dfsg-6+deb9u9

Name	Operator	Version
qemu:xenial	eq	1:2.5+dfsg-5ubuntu10
qemu:focal	eq	1:4.2-3ubuntu6
qemu:bionic	eq	1:2.11+dfsg-1ubuntu7
qemu:stretch	eq	1:2.8+dfsg-6+deb9u9
qemu:edge	eq	4.2.0-r2
qemu:edge	eq	5.0.0-r0
qemu:xenial	eq	1:2.5+dfsg-5ubuntu10
qemu:focal	eq	1:4.2-3ubuntu6
qemu:bionic	eq	1:2.11+dfsg-1ubuntu7
qemu:stretch	eq	1:2.8+dfsg-6+deb9u9