Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2014-0144

Published: 29/09/2022 Updated: 13/02/2023
CVSS v3 Base Score: 8.6 | Impact Score: 6 | Exploitability Score: 1.8
VMScore: 0
Subscribe to Qemu

Vulnerability Summary

QEMU prior to 2.0.0 block drivers for CLOOP, QCOW2 version 2 and various other image formats are vulnerable to potential memory corruptions, integer/buffer overflows or crash caused by missing input validations which could allow a remote user to execute arbitrary code on the host with the privileges of the QEMU process.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

qemu qemu

redhat enterprise linux server aus 6.5

redhat enterprise linux server tus 6.5

redhat enterprise linux desktop 6.0

redhat enterprise linux server 6.0

redhat enterprise linux workstation 6.0

redhat virtualization 3.0

redhat enterprise linux eus 6.5

redhat enterprise linux openstack platform 5

Vendor Advisories

Ubuntu Security Notice: qemu, qemu-kvm vulnerabilities
Several security issues were fixed in QEMU ...
Debian CVElist Bug Report Logs: image format processing issues: lack of input validation
Debian Bug report logs - #742730 image format processing issues: lack of input validation Packages: qemu-kvm, qemu; Maintainer for qemu-kvm is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Source for qemu-kvm is src:qemu (PTS, buildd, popcon) Maintainer for qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebia ...
Debian CVElist Bug Report Logs: CVE-2014-3640: qemu: slirp: NULL pointer deref in sosendto()
Debian Bug report logs - #762532 CVE-2014-3640: qemu: slirp: NULL pointer deref in sosendto() Package: qemu; Maintainer for qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Source for qemu is src:qemu (PTS, buildd, popcon) Reported by: Henri Salo <henri@nervfi> Date: Tue, 23 Sep 2014 06:57:12 UTC ...
Debian Security Advisories: DSA-3045-1 qemu -- security update
Several vulnerabilities were discovered in qemu, a fast processor emulator: Various security issues have been found in the block qemu drivers Malformed disk images might result in the execution of arbitrary code A NULL pointer dereference in SLIRP may result in denial of service An information leak was discovered in the VGA emulation For t ...

References

CWE-20http://rhn.redhat.com/errata/RHSA-2014-0421.htmlhttp://rhn.redhat.com/errata/RHSA-2014-0420.htmlhttps://bugzilla.redhat.com/show_bug.cgi?id=1079240http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=a1b3955c9415b1e767c130a2f59fee6aa28e575bhttp://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=f56b9bc3ae20fc93815b34aa022be919941406cehttp://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=6d4b9e55fc625514a38d27cff4b9933f617fa7dchttp://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=5dab2faddc8eaa1fb1abdbe2f502001fc13a1b21http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=97f1c45c6f456572e5b504b8614e4a69e23b8e3ahttp://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=ce48f2f441ca98885267af6fd636a7cb804ee646http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=24342f2cae47d03911e346fe1e520b00dc2818e0http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=63fa06dc978f3669dbfd9443b33cde9e2a7f4b41https://www.vulnerabilitycenter.com/#%21vul=44767http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=2d51c32c4b511db8bb9e58208f1e2c25e4c06c85http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=d65f97a82c4ed48374a764c769d4ba1ea9724e97http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=7b103b36d6ef3b11827c203d3a793bf7da50ecd6https://usn.ubuntu.com/2342-1/https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4040privilege escalationCVE-2024-4112CVE-2024-32872man-in-the-middleCVE-2024-32788bypassCVE-2024-3400CVE-2024-28976
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook