CVE-2015-3209 — Out-of-bounds Write in Qemu
Severity
7.5HIGHNVD
EPSS
20.6%
top 4.42%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJun 15
Latest updateMay 13
Description
Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set.
CVSS vector
AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4
Affected Packages15 packages
Also affects: Debian Linux 7.0, 8.0, Fedora 20, 21, 22, Ubuntu Linux 12.04, 14.04, 14.10, 15.04, Enterprise Linux 6.6
🔴Vulnerability Details
4GHSA▶
GHSA-f8hq-r3jp-2m27: Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPA↗2022-05-13
OSV▶
CVE-2015-3209: Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPA↗2015-06-15
CVEList▶
CVE-2015-3209: Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPA↗2015-06-15
📋Vendor Advisories
3💬Community
4Bugzilla
▶
Bugzilla
▶