Published: 28/09/2015 Updated: 13/02/2023

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

VMScore: 641

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Heap-based buffer overflow in the ne2000_receive function in hw/net/ne2000.c in QEMU prior to 2.4.0.1 allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via vectors related to receiving packets.

Vulnerable Product	Search on Vulmon	Subscribe to Product
qemu qemu

Several security issues were fixed in QEMU ...

Debian Bug report logs - #799073 qemu: CVE-2015-5278: Infinite loop in ne2000_receive() function Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 15 Sep 2015 16:03:02 UTC Severity: important Tags: ...

Debian Bug report logs - #799074 qemu: CVE-2015-5279: Heap overflow vulnerability in ne2000_receive() function Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 15 Sep 2015 16:09:02 UTC Severity: im ...

Several vulnerabilities were discovered in qemu-kvm, a full virtualization solution on x86 hardware CVE-2015-5278 Qinghao Tang of QIHU 360 Inc discovered an infinite loop issue in the NE2000 NIC emulation A privileged guest user could use this flaw to mount a denial of service (QEMU process crash) CVE-2015-5279 Qinghao Tang of ...

Several vulnerabilities were discovered in qemu, a fast processor emulator CVE-2015-5278 Qinghao Tang of QIHU 360 Inc discovered an infinite loop issue in the NE2000 NIC emulation A privileged guest user could use this flaw to mount a denial of service (QEMU process crash) CVE-2015-5279 Qinghao Tang of QIHU 360 Inc discovered ...

CWE-119 http://www.securitytracker.com/id/1033569 http://www.openwall.com/lists/oss-security/2015/09/15/3 https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg03984.html http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.securityfocus.com/bid/76746 http://rhn.redhat.com/errata/RHSA-2015-1896.html http://rhn.redhat.com/errata/RHSA-2015-1925.html http://rhn.redhat.com/errata/RHSA-2015-1924.html http://rhn.redhat.com/errata/RHSA-2015-1923.html https://security.gentoo.org/glsa/201602-01 http://www.debian.org/security/2015/dsa-3362 http://www.debian.org/security/2015/dsa-3361 http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00019.html http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167369.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169039.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169036.html https://www.arista.com/en/support/advisories-notices/security-advisories/1188-security-advisory-14 http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=7aa2bcad0ca837dd6d4bf4fa38a80314b4a6b755 https://usn.ubuntu.com/2745-1/https://nvd.nist.gov

CVE-2015-5279

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect