CVE-2014-3640
published 2014-11-07CVE-2014-3640: The sosendto function in slirp/udp.c in QEMU before 2.1.2 allows local users to cause a denial of service (NULL pointer dereference) by sending a udp packet…
low2.1CVSS 3.1
AVLACLAuNCNINAP
The sosendto function in slirp/udp.c in QEMU before 2.1.2 allows local users to cause a denial of service (NULL pointer dereference) by sending a udp packet with a value of 0 in the source port and address, which triggers access of an uninitialized socket.
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | qemu | < qemu 2.1+dfsg-5 (bookworm) | qemu 2.1+dfsg-5 (bookworm) |
| qemu | qemu | — | — |
| qemu | qemu | — | — |
| qemu | qemu | — | — |
| qemu | qemu | — | — |
| qemu | qemu | >= 0 < 2.1+dfsg-5 | 2.1+dfsg-5 |
| qemu | qemu | >= 0 < 2.1+dfsg-5 | 2.1+dfsg-5 |
| qemu | qemu | >= 0 < 2.1+dfsg-5 | 2.1+dfsg-5 |
| qemu | qemu | >= 0 < 2.1+dfsg-5 | 2.1+dfsg-5 |
| qemu | qemu | >= 0 < 2.0.0+dfsg-2ubuntu1.7 | 2.0.0+dfsg-2ubuntu1.7 |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_hpc_node | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_workstation | — | — |
CVSS provenance
nvd2.1LOWAV:L/AC:L/Au:N/C:N/I:N/A:P
osv2.1LOW