CVE-2014-0145 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Qemu

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer9 documents7 sources

Severity

7.8HIGHNVD

OSV7.5

EPSS

0.2%

top 60.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qemu Debian Qemu

Timeline

PublishedAug 10

Latest updateMay 17

Description

Multiple buffer overflows in QEMU before 1.7.2 and 2.x before 2.0.0, allow local users to cause a denial of service (crash) or possibly execute arbitrary code via a large (1) L1 table in the qcow2_snapshot_load_tmp in the QCOW 2 block driver (block/qcow2-snapshot.c) or (2) uncompressed chunk, (3) chunk length, or (4) number of sectors in the DMG block driver (block/dmg.c).

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

▶debiandebian/qemu< qemu 2.0.0+dfsg-1 (bookworm)

▶Debianqemu/qemu< 2.0.0+dfsg-1+3

▶Ubuntuqemu/qemu< 2.0.0+dfsg-2ubuntu1.3

▶NVDqemu/qemu1.7.1+1

Patches

Patch: lists.gnu.org ↗Patch: lists.gnu.org ↗

🔴Vulnerability Details

GHSA

GHSA-cc9p-3fx3-m352: Multiple buffer overflows in QEMU before 1↗2022-05-17

▶

OSV

CVE-2014-0145: Multiple buffer overflows in QEMU before 1↗2017-08-10

▶

OSV

qemu, qemu-kvm vulnerabilities↗2014-09-08

▶

📋Vendor Advisories

Ubuntu

QEMU vulnerabilities↗2014-09-08

▶

Red Hat

Qemu: prevent possible buffer overflows↗2014-03-26

▶

Debian

CVE-2014-0145: qemu - Multiple buffer overflows in QEMU before 1.7.2 and 2.x before 2.0.0, allow local...↗2014

▶

💬Community

Bugzilla

CVE-2014-0145 Qemu: prevent possible buffer overflows [fedora-all]↗2014-04-11

▶

Bugzilla

CVE-2014-0145 Qemu: prevent possible buffer overflows↗2014-03-20

▶