CVE-2013-4540Improper Restriction of Operations within the Bounds of a Memory Buffer in Qemu

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-122Heap-based Buffer Overflow13 documents7 sources
Severity
7.5HIGHNVD
EPSS
3.8%
top 11.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
QemuDebian QemuOpensuse
Timeline
PublishedNov 4
Latest updateMay 13

Description

Buffer overflow in scoop_gpio_handler_update in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a large (1) prev_level, (2) gpio_level, or (3) gpio_dir value in a savevm image.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages5 packages

debiandebian/qemu< qemu 2.1+dfsg-1 (bookworm)
Debianqemu/qemu< 2.1+dfsg-1+3
Ubuntuqemu/qemu< 2.0.0+dfsg-2ubuntu1.3
NVDqemu/qemu1.7.1+66
NVDopensuse/opensuse12.3, 13.1+1

Patches

Patch: lists.nongnu.orgPatch: lists.nongnu.org

🔴Vulnerability Details

3
GHSA
GHSA-67xx-4xq4-jj46: Buffer overflow in scoop_gpio_handler_update in QEMU before 12022-05-13
OSV
CVE-2013-4540: Buffer overflow in scoop_gpio_handler_update in QEMU before 12014-11-04
OSV
qemu, qemu-kvm vulnerabilities2014-09-08

📋Vendor Advisories

5
Ubuntu
QEMU vulnerabilities2014-09-08
Red Hat
qemu: zaurus: buffer overrun on invalid state load2013-12-03
Red Hat
icedtea-web: issue not fixed in 1.42013-09-16
Debian
CVE-2013-4540: qemu - Buffer overflow in scoop_gpio_handler_update in QEMU before 1.7.2 might allow re...2013
Red Hat
icedtea-web: IcedTeaScriptableJavaObject:: invoke off-by-one heap-based buffer overflow2012-11-07

💬Community

4
Bugzilla
CVE-2013-4540 qemu: zaurus: buffer overrun on invalid state load [fedora-all]2014-05-08
Bugzilla
CVE-2013-4540 qemu: zaurus: buffer overrun on invalid state load2014-02-18
Bugzilla
CVE-2013-4349 icedtea-web: CVE-2012-4540 issue not fixed in 1.4 [fedora-all]2013-09-16
Bugzilla
CVE-2013-4349 icedtea-web: CVE-2012-4540 issue not fixed in 1.42013-09-13