Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.2
CVSSv3

CVE-2014-0147

Published: 29/09/2022 Updated: 13/02/2023
CVSS v3 Base Score: 6.2 | Impact Score: 3.6 | Exploitability Score: 2.5
VMScore: 0
Subscribe to Qemu

Vulnerability Summary

Qemu prior to 1.6.2 block diver for the various disk image formats used by Bochs and for the QCOW version 2 format, are vulnerable to a possible crash caused by signed data types or a logic error while creating QCOW2 snapshots, which leads to incorrectly calling update_refcount() routine.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

qemu qemu

fedoraproject fedora 20

redhat enterprise linux server aus 6.5

redhat enterprise linux server tus 6.5

redhat enterprise linux desktop 6.0

redhat enterprise linux server 6.0

redhat enterprise linux workstation 6.0

redhat virtualization 3.0

redhat enterprise linux eus 6.5

redhat enterprise linux openstack platform 5

Vendor Advisories

Ubuntu Security Notice: qemu, qemu-kvm vulnerabilities
Several security issues were fixed in QEMU ...
Debian CVElist Bug Report Logs: image format processing issues: lack of input validation
Debian Bug report logs - #742730 image format processing issues: lack of input validation Packages: qemu-kvm, qemu; Maintainer for qemu-kvm is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Source for qemu-kvm is src:qemu (PTS, buildd, popcon) Maintainer for qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebia ...
Debian CVElist Bug Report Logs: CVE-2014-3640: qemu: slirp: NULL pointer deref in sosendto()
Debian Bug report logs - #762532 CVE-2014-3640: qemu: slirp: NULL pointer deref in sosendto() Package: qemu; Maintainer for qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Source for qemu is src:qemu (PTS, buildd, popcon) Reported by: Henri Salo <henri@nervfi> Date: Tue, 23 Sep 2014 06:57:12 UTC ...
Debian Security Advisories: DSA-3045-1 qemu -- security update
Several vulnerabilities were discovered in qemu, a fast processor emulator: Various security issues have been found in the block qemu drivers Malformed disk images might result in the execution of arbitrary code A NULL pointer dereference in SLIRP may result in denial of service An information leak was discovered in the VGA emulation For t ...

References

CWE-190https://bugzilla.redhat.com/show_bug.cgi?id=1086717http://rhn.redhat.com/errata/RHSA-2014-0421.htmlhttps://bugzilla.redhat.com/show_bug.cgi?id=1078848http://rhn.redhat.com/errata/RHSA-2014-0420.htmlhttp://www.openwall.com/lists/oss-security/2014/03/26/8http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=246f65838d19db6db55bfb41117c35645a2c4789https://usn.ubuntu.com/2342-1/https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4040privilege escalationCVE-2024-4112CVE-2024-32872man-in-the-middleCVE-2024-32788bypassCVE-2024-3400CVE-2024-28976
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook