Published: 31/12/2020 Updated: 07/11/2023

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

CVSS v3 Base Score: 3.8 | Impact Score: 1.4 | Exploitability Score: 2

VMScore: 187

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

iscsi_aio_ioctl_cb in block/iscsi.c in QEMU 4.1.0 has a heap-based buffer over-read that may disclose unrelated information from process memory to an attacker.

Vulnerable Product	Search on Vulmon	Subscribe to Product
qemu qemu 4.1.0

A heap buffer overflow flaw was found in the iSCSI support of QEMU This flaw could lead to an out-of-bounds read access and possible information disclosure from the QEMU process memory to a malicious guest The highest threat from this vulnerability is to data confidentiality (CVE-2020-11947) An infinite loop flaw was found in the e1000e NIC emul ...

oss-sec mailing list archives   By Date By Thread </form>    CVE-2020-11947 QEMU: heap buffer overflow in iSCSI block driver may lead to information disclosure  ...

CWE-125 http://www.openwall.com/lists/oss-security/2021/01/13/4 https://security.netapp.com/advisory/ntap-20210212-0001/https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=ff0507c239a246fd7215b31c5658fc6a3ee1e4c5 https://nvd.nist.gov https://alas.aws.amazon.com/AL2/ALAS-2021-1671.html

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2020-11947

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Mailing Lists

References

Vulmon Search

About

Products

Connect