Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2024-24474

Published: 20/02/2024 Updated: 21/02/2024

Vulnerability Summary

QEMU prior to 8.2.0 has an integer underflow, and resultant buffer overflow, via a TI command when an expected non-DMA transfer length is less than the length of the available FIFO data. This occurs in esp_do_nodma in hw/scsi/esp.c because of an underflow of async_len.

References

https://gitlab.com/qemu-project/qemu/-/issues/1810https://github.com/qemu/qemu/commit/77668e4b9bca03a856c27ba899a2513ddf52bb52https://gist.github.com/1047524396/5ce07b9d387095c276b1cd234ae5615ehttps://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
client sideCVE-2023-31889template injectionCVE-2024-4304CVE-2006-4304CVE-2024-33272type confusionCVE-2024-21345CVE-2024-33271
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook