CVE-2008-1945: Cross-site Scripting in Qemu

CWE-79: Cross-site Scripting
12 documents, 9 sources

Severity: 2.1 LOW (NVD)
EPSS: 0.1% (top 74.57%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Aug 8
Latest update: May 1

Description

QEMU 0.9.0 does not properly handle changes to removable media, which allows guest OS users to read arbitrary files on the host OS by using the diskformat: parameter in the -usbdevice option to modify the disk-image header to identify a different format, a related issue to CVE-2008-2004.

CVSS vector

AV:L/AC:L/C:P/I:N/A:N
Exploitability: 3.9 | Impact: 2.9

Affected Packages (7 packages)

Debian | qemu/qemu | < 0.9.1-5 | +3
NVD | qemu/qemu | 0.9.0
NVD | opensuse/opensuse | 10.3, 11.0, 11.1 | +2

Also affects: Debian Linux 4.0, 5.0, Ubuntu Linux 8.04, 8.10, Enterprise Linux 5.2

🔴 Vulnerability Details (3)

GHSA | GHSA-vvm6-gvx4-5r3v: QEMU 0 | 2022-05-01
OSV | CVE-2008-1945: QEMU 0 | 2008-08-08
CVEList | CVE-2008-1945: QEMU 0 | 2008-08-08

💥 Exploits & PoCs (1)

Exploit-DB | Microsoft Visual Studio - 'Msmask32.ocx' ActiveX Remote Buffer Overflow (PoC) | 2008-08-14

📋 Vendor Advisories (5)

Ubuntu | KVM regression | 2009-05-13
Ubuntu | KVM vulnerabilities | 2009-05-12
Red Hat | qemu/kvm/xen: add image format options for USB storage and removable media | 2008-08-07
Red Hat | awstats: Cross-site scripting (XSS) vulnerability | 2008-06-23
Debian | CVE-2008-1945: qemu - QEMU 0.9.0 does not properly handle changes to removable media, which allows gue... | 2008

💬 Community (2)

Bugzilla | CVE-2008-3714 awstats: Cross-site scripting (XSS) vulnerability | 2008-08-20
Bugzilla | CVE-2008-1945 qemu/kvm/xen: add image format options for USB storage and removable media | 2008-05-09