Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
8.5
CVSSv2

CVE-2009-3616

Published: 23/10/2009 Updated: 15/02/2024
CVSS v2 Base Score: 8.5 | Impact Score: 10 | Exploitability Score: 6.8
CVSS v3 Base Score: 9.9 | Impact Score: 6 | Exploitability Score: 3.1
VMScore: 756
Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C
Subscribe to Qemu

Vulnerability Summary

Multiple use-after-free vulnerabilities in vnc.c in the VNC server in QEMU 0.10.6 and previous versions might allow guest OS users to execute arbitrary code on the host OS by establishing a connection from a VNC client and then (1) disconnecting during data transfer, (2) sending a message using incorrect integer data types, or (3) using the Fuzzy Screen Mode protocol, related to double free vulnerabilities.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

qemu qemu

redhat enterprise linux server 5.0

redhat enterprise linux workstation 5.0

Vendor Advisories

Debian CVElist Bug Report Logs: CVE-2009-3616: Multiple use-after-free vulnerabilities in vnc.c
Debian Bug report logs - #553589 CVE-2009-3616: Multiple use-after-free vulnerabilities in vncc Package: qemu; Maintainer for qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Source for qemu is src:qemu (PTS, buildd, popcon) Reported by: Giuseppe Iuculano <iuculano@debianorg> Date: Sun, 1 Nov 200 ...

References

CWE-416http://git.savannah.gnu.org/cgit/qemu.git/commit/?id=753b405331http://git.savannah.gnu.org/cgit/qemu.git/commit/?id=198a0039c5http://www.openwall.com/lists/oss-security/2009/10/16/5https://bugzilla.redhat.com/show_bug.cgi?id=508567https://bugzilla.redhat.com/show_bug.cgi?id=505641http://marc.info/?l=qemu-devel&m=124324043812915http://rhn.redhat.com/errata/RHEA-2009-1272.htmlhttp://www.openwall.com/lists/oss-security/2009/10/16/8https://bugzilla.redhat.com/show_bug.cgi?id=501131http://www.securityfocus.com/bid/36716https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=553589https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
race conditionCVE-2024-4249CVE-2024-4244CVE-2023-20198TCPCVE-2022-48648CVE-2022-48636CVE-2024-21345SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook