CVE-2013-6399Code Injection in Qemu

CWE-94Code InjectionCWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer9 documents7 sources
Severity
7.5HIGHNVD
EPSS
1.5%
top 18.59%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
QemuDebian Qemu
Timeline
PublishedNov 4
Latest updateMay 13

Description

Array index error in the virtio_load function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages4 packages

debiandebian/qemu< qemu 2.1+dfsg-1 (bookworm)
Debianqemu/qemu< 2.1+dfsg-1+3
Ubuntuqemu/qemu< 2.0.0+dfsg-2ubuntu1.3
NVDqemu/qemu1.7.1+66

Patches

Patch: lists.nongnu.orgPatch: rhn.redhat.comPatch: rhn.redhat.com

🔴Vulnerability Details

3
GHSA
GHSA-242m-gfv2-5gmp: Array index error in the virtio_load function in hw/virtio/virtio2022-05-13
OSV
CVE-2013-6399: Array index error in the virtio_load function in hw/virtio/virtio2014-11-04
OSV
qemu, qemu-kvm vulnerabilities2014-09-08

📋Vendor Advisories

3
Ubuntu
QEMU vulnerabilities2014-09-08
Red Hat
qemu: virtio: buffer overrun on incoming migration2013-12-03
Debian
CVE-2013-6399: qemu - Array index error in the virtio_load function in hw/virtio/virtio.c in QEMU befo...2013

💬Community

2
Bugzilla
CVE-2013-6399 qemu: virtio: buffer overrun on incoming migration [fedora-all]2014-05-08
Bugzilla
CVE-2013-6399 qemu: virtio: buffer overrun on incoming migration2014-02-18