CVE-2014-0143Integer Overflow or Wraparound in Qemu

CWE-190Integer Overflow or Wraparound9 documents7 sources
Severity
7.0HIGHNVD
OSV7.5
EPSS
0.1%
top 71.36%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
QemuDebian QemuRedhat Enterprise Linux
Timeline
PublishedAug 10
Latest updateMay 14

Description

Multiple integer overflows in the block drivers in QEMU, possibly before 2.0.0, allow local users to cause a denial of service (crash) via a crafted catalog size in (1) the parallels_open function in block/parallels.c or (2) bochs_open function in bochs.c, a large L1 table in the (3) qcow2_snapshot_load_tmp in qcow2-snapshot.c or (4) qcow2_grow_l1_table function in qcow2-cluster.c, (5) a large request in the bdrv_check_byte_request function in block.c and other block drivers, (6) crafted cluster

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages4 packages

debiandebian/qemu< qemu 2.0.0+dfsg-1 (bookworm)
Debianqemu/qemu< 2.0.0+dfsg-1+3
Ubuntuqemu/qemu< 2.0.0+dfsg-2ubuntu1.3
NVDqemu/qemu1.7.1

Also affects: Enterprise Linux 6.0

Patches

Patch: bugzilla.redhat.comPatch: bugzilla.redhat.com

🔴Vulnerability Details

3
GHSA
GHSA-p7h7-ff68-wgx2: Multiple integer overflows in the block drivers in QEMU, possibly before 22022-05-14
OSV
CVE-2014-0143: Multiple integer overflows in the block drivers in QEMU, possibly before 22017-08-10
OSV
qemu, qemu-kvm vulnerabilities2014-09-08

📋Vendor Advisories

3
Ubuntu
QEMU vulnerabilities2014-09-08
Red Hat
Qemu: block: multiple integer overflow flaws2014-03-26
Debian
CVE-2014-0143: qemu - Multiple integer overflows in the block drivers in QEMU, possibly before 2.0.0, ...2014

💬Community

2
Bugzilla
CVE-2014-0143 Qemu: block: multiple integer overflow flaws [fedora-all]2014-04-11
Bugzilla
CVE-2014-0143 Qemu: block: multiple integer overflow flaws2014-03-21