Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.2
CVSSv2

CVE-2013-4344

Published: 04/10/2013 Updated: 11/08/2020
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
VMScore: 641
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Qemu

Vulnerability Summary

Buffer overflow in the SCSI implementation in QEMU, as used in Xen, when a SCSI controller has more than 256 attached devices, allows local users to gain privileges via a small transfer buffer in a REPORT LUNS command.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

qemu qemu

opensuse opensuse 12.3

opensuse opensuse 13.1

redhat enterprise linux desktop 6.0

redhat enterprise linux server 6.0

redhat enterprise linux workstation 6.0

redhat virtualization 3.0

canonical ubuntu linux 12.04

canonical ubuntu linux 12.10

canonical ubuntu linux 13.10

Vendor Advisories

Debian CVElist Bug Report Logs: qemu: CVE-2013-4344
Debian Bug report logs - #725944 qemu: CVE-2013-4344 Package: qemu; Maintainer for qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Source for qemu is src:qemu (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@inutilorg> Date: Thu, 10 Oct 2013 07:42:06 UTC Severity: important Tags: securi ...
Ubuntu Security Notice: qemu, qemu-kvm vulnerabilities
Several security issues were fixed in QEMU ...
Red Hat: Important: qemu-kvm security, bug fix, and enhancement update
Synopsis Important: qemu-kvm security, bug fix, and enhancement update Type/Severity Security Advisory: Important Topic Updated qemu-kvm packages that fix one security issue, several bugs, andadd various enhancements are now available for Red Hat Enterprise Linux 6The Red Hat Security Response Team has rat ...
Red Hat: Important: qemu-kvm-rhev, qemu-kvm-rhev-tools, qemu-img-rhev security and bug fix update
Synopsis Important: qemu-kvm-rhev, qemu-kvm-rhev-tools, qemu-img-rhev security and bug fix update Type/Severity Security Advisory: Important Topic Updated qemu-kvm-rhev, qemu-kvm-rhev-tools, and qemu-img-rhev packages arenow availableThe Red Hat Security Response Team has rated this update as havingimporta ...
Red Hat: Important: rhev-hypervisor6 security and bug fix update
Synopsis Important: rhev-hypervisor6 security and bug fix update Type/Severity Security Advisory: Important Topic An updated rhev-hypervisor6 package that fixes multiple security issues andone bug is now availableThe Red Hat Security Response Team has rated this update as havingimportant security impact C ...
Debian Security Advisories: DSA-2932-1 qemu -- security update
Several vulnerabilities were discovered in qemu, a fast processor emulator CVE-2013-4344 Buffer overflow in the SCSI implementation in QEMU, when a SCSI controller has more than 256 attached devices, allows local users to gain privileges via a small transfer buffer in a REPORT LUNS command CVE-2014-2894 Off-by-one error in th ...
Debian Security Advisories: DSA-2933-1 qemu-kvm -- security update
Several vulnerabilities were discovered in qemu-kvm, a full virtualization solution on x86 hardware CVE-2013-4344 Buffer overflow in the SCSI implementation in QEMU, when a SCSI controller has more than 256 attached devices, allows local users to gain privileges via a small transfer buffer in a REPORT LUNS command CVE-2014-2894 ...
Red Hat: CVE-2013-4344
Buffer overflow in the SCSI implementation in QEMU, as used in Xen, when a SCSI controller has more than 256 attached devices, allows local users to gain privileges via a small transfer buffer in a REPORT LUNS command ...

References

CWE-120http://www.openwall.com/lists/oss-security/2013/10/02/2http://osvdb.org/98028http://www.securityfocus.com/bid/62773http://article.gmane.org/gmane.comp.emulators.qemu/237191http://rhn.redhat.com/errata/RHSA-2013-1754.htmlhttp://rhn.redhat.com/errata/RHSA-2013-1553.htmlhttp://www.ubuntu.com/usn/USN-2092-1http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.htmlhttp://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.htmlhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725944https://usn.ubuntu.com/2092-1/https://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2013-4344
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
hardcodedarbitrary codeCVE-2024-2404CVE-2024-21111CVE-2024-28627CVE-2024-4073information disclosureCVE-2024-32780CVE-2024-4040
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook