Information Disclosure

2021-01-0503:26:01

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.0005 Low

EPSS

Percentile

17.3%

JSON

qemu is vulnerable to information disclosure. The vulnerability exists in iscsi_aio_ioctl_cb of block/iscsi.c through a heap-based buffer over-read.

CPENameOperatorVersion
qemu:stretcheq1:2.8+dfsg-6+deb9u9
qemu:xenialeq1:2.5+dfsg-5ubuntu10.47
qemu:xenialeq1:2.5+dfsg-5ubuntu10
qemu:xenialeq1:2.5+dfsg-5ubuntu10.45
qemu:xenialeq1:2.5+dfsg-5ubuntu10.46
qemu:bioniceq1:2.11+dfsg-1ubuntu7
qemu:bioniceq1:2.11+dfsg-1ubuntu7.31
qemu:bioniceq1:2.11+dfsg-1ubuntu7.32
qemu:bioniceq1:2.11+dfsg-1ubuntu7.33
qemu:focaleq1:4.2-3ubuntu6

Name	Operator	Version
qemu:stretch	eq	1:2.8+dfsg-6+deb9u9
qemu:xenial	eq	1:2.5+dfsg-5ubuntu10.47
qemu:xenial	eq	1:2.5+dfsg-5ubuntu10
qemu:xenial	eq	1:2.5+dfsg-5ubuntu10.45
qemu:xenial	eq	1:2.5+dfsg-5ubuntu10.46
qemu:bionic	eq	1:2.11+dfsg-1ubuntu7
qemu:bionic	eq	1:2.11+dfsg-1ubuntu7.31
qemu:bionic	eq	1:2.11+dfsg-1ubuntu7.32
qemu:bionic	eq	1:2.11+dfsg-1ubuntu7.33
qemu:focal	eq	1:4.2-3ubuntu6