CVE-2013-4344 — Classic Buffer Overflow in Qemu
Severity
7.2HIGHNVD
EPSS
0.1%
top 79.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedOct 4
Latest updateMay 13
Description
Buffer overflow in the SCSI implementation in QEMU, as used in Xen, when a SCSI controller has more than 256 attached devices, allows local users to gain privileges via a small transfer buffer in a REPORT LUNS command.
CVSS vector
AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0
Affected Packages8 packages
Also affects: Ubuntu Linux 12.04, 12.10, 13.10
🔴Vulnerability Details
3GHSA▶
GHSA-38mh-mg22-vw9h: Buffer overflow in the SCSI implementation in QEMU, as used in Xen, when a SCSI controller has more than 256 attached devices, allows local users to g↗2022-05-13
CVEList▶
CVE-2013-4344: Buffer overflow in the SCSI implementation in QEMU, as used in Xen, when a SCSI controller has more than 256 attached devices, allows local users to g↗2013-10-04
OSV▶
CVE-2013-4344: Buffer overflow in the SCSI implementation in QEMU, as used in Xen, when a SCSI controller has more than 256 attached devices, allows local users to g↗2013-10-04
📋Vendor Advisories
3💬Community
4Bugzilla
▶
Bugzilla
▶
Bugzilla
▶