Skip to main content

Qemu CVE-2015-5279

HIGH
Buffer Overflow (CWE-119)
2015-09-28 secalert@redhat.com
7.2
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
7.2 HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:L/AC:L/Au:N/C:C/I:C/A:C
Attack Vector
Local
Attack Complexity
Low
Confidentiality
C
Integrity
C
Availability
C

Lifecycle Timeline

1
CVE Published
Sep 28, 2015 - 16:59 cve.org
HIGH 7.2

DescriptionCVE.org

Heap-based buffer overflow in the ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via vectors related to receiving packets.

AnalysisAI

Heap-based buffer overflow in the ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Epss exploitation probability 10.2% and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. Heap-based buffer overflow in the ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via vectors related to receiving packets. Affected products include: Qemu. Version information: before 2.4.0.1.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.

More in Qemu

View all
CVE-2015-3456 HIGH POC
7.7 May 13

The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a

CVE-2015-8556 CRITICAL POC
10.0 Mar 24

Local privilege escalation vulnerability in the Gentoo QEMU package before 2.5.0-r1. Rated critical severity (CVSS 10.0)

CVE-2019-12928 CRITICAL POC
9.8 Jun 24

The QMP migrate command in QEMU version 4.0.0 and earlier is vulnerable to OS command injection, which allows the remote

CVE-2019-12929 CRITICAL POC
9.8 Jun 24

The QMP guest_exec command in QEMU 4.0.0 and earlier is prone to OS command injection, which allows the attacker to achi

CVE-2015-7512 CRITICAL
9.0 Jan 08

Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remot

CVE-2016-7161 CRITICAL
9.8 Oct 05

Heap-based buffer overflow in the .receive callback of xlnx.xps-ethernetlite in QEMU (aka Quick Emulator) allows attacke

CVE-2024-24474 HIGH POC
8.8 Feb 20

QEMU before 8.2.0 has an integer underflow, and resultant buffer overflow, via a TI command when an expected non-DMA tra

CVE-2022-35414 HIGH POC
8.8 Jul 11

softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translate_fail path, leading to an io_r

CVE-2016-4002 CRITICAL
9.8 Apr 26

Buffer overflow in the mipsnet_receive function in hw/net/mipsnet.c in QEMU, when the guest NIC is configured to accept

CVE-2024-3447 MEDIUM POC
6.0 Nov 14

A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. Rated medium severity (CVSS 6.0), this vul

CVE-2017-15268 HIGH POC
7.5 Oct 12

Qemu through 2.10.0 allows remote attackers to cause a memory leak by triggering slow data-channel read operations, rela

CVE-2022-2962 HIGH POC
7.8 Sep 13

A DMA reentrancy issue was found in the Tulip device emulation in QEMU. Rated high severity (CVSS 7.8), this vulnerabili

Share

CVE-2015-5279 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy